000021735 - Group-based entitlements do not work when using Microsoft Active Directory Application Mode (ADAM) datastore and RSA ClearTrust 5.5.x

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021735

Applies To: RSA ClearTrust 5.5.x, Microsoft Active Directory Application Mode (ADAM)

Issue: Group-based entitlements do not work when using Microsoft Active Directory Application Mode (ADAM) datastore and RSA ClearTrust 5.5.x

Cause: The "cleartrust.data.ldap.only_use_memberof_attribute" parameter, in the ldap.conf, is set to "true".

Resolution: The "cleartrust.data.ldap.only_use_memberof_attribute" parameter, in the ldap.conf, is set to "true" by default. In order for the aserver to properly retrieve group-based entitlements from the Microsoft Active Directory Application Mode (ADAM) datastore, this parameter must be set to "false".

NOTE: To make the change take effect immediately, you need to restart the agent since protected resources are cached. Otherwise you'll have to wait until the cache's TTL expires.
Legacy Article ID: a24702
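
The following check is an added example, not RSA code and not part of the original article. It reports the effective value of the parameter named in the Resolution and treats a missing entry as the default "true". It assumes ldap.conf entries are written as "name=value" or "name : value", that lines starting with "#" are comments, and that the last entry wins. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; not RSA code.
# Assumptions: ldap.conf entries are Java-properties style ("name=value" or
# "name : value"), '#' starts a comment line, and the last entry wins.

PARAM='cleartrust.data.ldap.only_use_memberof_attribute'

# Print the effective value of PARAM in the given file.
effective_memberof_setting() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk -v key="$PARAM" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next      # line must start with the name
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next      # reject longer parameter names
            sub(/^[ \t]*[=:][ \t]*/, "", rest)   # drop the separator
            sub(/[ \t\r]+$/, "", rest)           # drop trailing blanks and CR
            found = tolower(rest)
        }
        END { print found }' "$conf")
    # Per the article the parameter defaults to "true", so a missing or
    # commented-out entry is reported as true.
    [ -n "$value" ] || value=true
    echo "$value"
}

# Exit 0 only when the setting is false, as the article requires for ADAM.
check_adam_group_entitlements() {
    v=$(effective_memberof_setting "$1") || { echo "ERROR: cannot read $1"; return 2; }
    if [ "$v" = "false" ]; then
        echo "OK: $PARAM is false"
        return 0
    fi
    echo "FAIL: $PARAM is $v; set it to false for ADAM group-based entitlements"
    return 1
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    check_adam_group_entitlements "$1"
fi
```

A passing check only confirms the file contents; the NOTE above about restarting the agent or waiting for the cache TTL still applies.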
