Security Analytics 10.4 and higher: unable to search and find existing Active Directory user groups when using PAM Authentication
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.0.x, 10.4.1, 10.5.0, 10.5.0.1
Platform: CentOS
When using PAM authentication and attempting to locate an external user group (which has been verified to exist using ldapsearch), the Security Analytics UI times out after 30 seconds, even though the group is valid.
This has been determined to be a product defect in the Security Analytics API search mechanism. The external Active Directory group is returned to the SA server (as verified when viewing a tcpdump), but is not displayed in the UI.
This defect is slated to be corrected in 10.4.1.2 and in 10.5.1. A hotfix is available for 10.5.0.1. To obtain the hotfix, contact RSA customer support.
To verify that the user group exists, use ldapsearch from the command line, for example:
ldapsearch -x -L -h <ad hostname or ip> -p <ad port number> -b "dc=<mycompany>,dc=<com>" -D "<admin's UPN, such as firstname.lastname@example.org>" -W "cn=<ad group name>*"
Adjust all items in <> to match the environment's Active Directory server. This verifies that the group being searched for can be found and that there is no other basic connectivity issue with Active Directory.