000030675 - Security Analytics 10.4 and higher: unable to search and find existing Active Directory user groups when using PAM Authentication

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030675
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.0.x, 10.4.1, 10.5.0,
Platform: CentOS
IssueWhen using pam authentication and attempting to locate an external user group (which has been verified to exist using ldapsearch), the Security Analytics UI times out after 30 seconds, even though the group is valid.
CauseThis has been determined to be a product defect in the Security Analytics API search mechanism.  The external Active Directory group is returned to the SA server (as verified when viewing a tcpdump), but is not displayed in the UI.
ResolutionThis defect is slated to be corrected in and in 10.5.1.  A hotfix is available for  To obtain the hotfix, contact RSA customer support.
NotesTo verify that the user group exists, use ldapsearch from the command line, example:
   ldapsearch -x -L -h <ad hostname or ip> -p <ad port number> -b dc=<mycompany>,dc=<com> -D <admins, upn, such as admin@mydomain.com> -W cn=<ad group name>*
ldapsearch -x -L -h ad.mycompany.com -p 3268 -b dc=mycompany,dc=com -D admin@mydomain.com -W cn=SecurityAnalyticsUsers

Adjust all items in <> to the environments' Active Directory server accordingly.  This will verify that the group being searched can be found and that there is no other rudimentary connectivity issue to Active Directory.