While making a rule to check if the user is a member of a specific AD group, I noticed that when retrieveing the ad groups of the AD user using Authentication.UserGroups property, it doesnt show all the groups that are shown when viewing AD "Member Of" tab of the user in AD users and computers. When I perform the Authentication Test in the Settings> Authentication> AD Authentication, not all of the groups the AD user is a member of is shown. Any idea why this is the case?
Solved! Go to Solution.
Web Reporter was able to retrieve the distribution groups using LDAP parameters... so I guess it should work for Web Gateway too.
Yup, i found Authentication.GetUserGroups<authentication> and used LDAP authentication to get the distribution groups also. Thanks for the help
So I am now authenticating using NTLM and when it comes to checking if the user is a member of a distribution group i use the above function. In the LDAP configuration, I have selected memberOf as the attribute to retrieve.
I hope I am implementing this in the right way and does not cause any erratic behaviour when retrieving the groups.Message was edited by: prajoshgeorge on 9/17/13 8:30:15 PM AST
How many groups are shown assigned to the user within AD? Though, I doubt you should run into a paging issue for MemberOf values.
And do you have a search base specified for what groups you're looking for? Or are you simply trying to return every group a user has?
I have selected both local and global.
For example, in my case, I am a member of 22 groups, but MWG shows only 12 in the Authentication test, even rule tracing shows the same 12 groups.
If it helps, out of the 12, one group I am not directly a member, but the group I belong to is a member so that shows up as me being a member which is ok.
The rule I am trying to create is checking if the user is a member of a group X, but it doesnt show the group in MWG even though it is there in AD
Of course , the user is a direct member of the group I am trying to check. I tried the authentication test for 3-4 users, it happens to all of them.
Did you recently add them to these groups? The authentication cache could play a factor if you set it to a really high value.
No, they were present in the group for more than 2-3 years, i recently migrated to 184.108.40.206 from 6.9.4. Same for my case.Initally "Get global groups" was only ticked, 6 hours back I enabled "get local groups" also. 15 mins back I tried the authentication test and yet it doesnt show all the groups. Only the same groups I saw earlier.
Just tested the recursive/nested group support - for science. And it's pulling all my user's memberOf information into the Authenticated.UserGroups property.
How many groups is the user a member of? I tried AD users with 2 -3 groups and it retrieves them.Message was edited by: prajoshgeorge on 05/09/13 13:37:23 CDT