4 Replies Latest reply on Feb 18, 2011 6:30 AM by mattw2

    Odd error in Connector Manager - AD connector using Search Groups

    mattw2

      I'm testing/setting up new connector manager rules and found the "Search Groups" option potentially more helpful and easier to configure than the Search Settings. We are on Version 5.2.5, but we're getting a problem where users are not being recognised as users.

       

      At present I have two AD connector tasks: one for our regular user accounts, currently set with "Search Settings", so it is pointing at the OU in Active Directory where our regular users sit. This works OK, but I need to reconfigure it for other reasons.

       

      The second main connector task/config is for special "admin" user accounts which sit in a separate OU in AD. This had been set up with Search Settings pointing at the other OU. However, I've changed this to use "Search Groups", and am getting unexpected behaviour.

      Basically, I've specified 3 groups, each of which has a number of users in it. Reviewing the log when the task runs, it correctly identifies the groups as groups.

      e.g.:

      09/02/2011 15:15:57  Checking if dn 'CN=PV-McAfee-EE-Administrators,OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a group
      09/02/2011 15:15:57  ldap reports = 0 (Success)

      It's the next stage where things go wrong.

      09/02/2011 15:15:57  Checking if dn 'CN=Wheeler\, Matthew (PV User),OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a group
      09/02/2011 15:15:57  ldap reports = 0 (Success)

      then later in the same sync...

      09/02/2011 15:15:57  Checking if dn 'CN=Wheeler\, Matthew (PV User),OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a user
      09/02/2011 15:15:57  ldap reports = 0 (Success)
      09/02/2011 15:15:57  ...failed - not a user

       

      This seems to happen for all users within the groups, apart from one user, where we get these entries....

      09/02/2011 15:15:57  Checking if dn 'CN=Barnett (PV)\, Rodney,OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a group
      09/02/2011 15:15:57  ldap reports = 0 (Success)

      then later...

      09/02/2011 15:15:57  Checking if dn 'CN=Barnett (PV)\, Rodney,OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a user
      09/02/2011 15:15:57  ldap reports = 0 (Success)
      09/02/2011 15:15:57  User added to list.

       

      I can't see any difference between the 1 account that works and the 20-30 that don't. AD lists all as "object class User".

      I can confirm the accounts are user accounts.

       

      For info, I've also logged this with McAfee Support, but wondered if anyone here had any clues/suggestions on sorting this out.

       

      Thanks in advance

       

      Matt.

       

       

      Message was edited by: mattw2 on 16/02/11 03:52:25 CST
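
Added example, not part of the original post and not McAfee code: a small Python triage script that reads a connector log in the format quoted above and lists the entries whose "is a user" check returned LDAP success but was still rejected. The function names are illustrative, and the sample log is assembled from the lines quoted in the post.

```python
import re

# Constructed sample: assembled from the log lines quoted in the post.
SAMPLE_LOG = r"""
09/02/2011 15:15:57  Checking if dn 'CN=PV-McAfee-EE-Administrators,OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a group
09/02/2011 15:15:57  ldap reports = 0 (Success)
09/02/2011 15:15:57  Checking if dn 'CN=Wheeler\, Matthew (PV User),OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a group
09/02/2011 15:15:57  ldap reports = 0 (Success)
09/02/2011 15:15:57  Checking if dn 'CN=Wheeler\, Matthew (PV User),OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a user
09/02/2011 15:15:57  ldap reports = 0 (Success)
09/02/2011 15:15:57  ...failed - not a user
09/02/2011 15:15:57  Checking if dn 'CN=Barnett (PV)\, Rodney,OU=Privileges,OU=BCC Controls,DC=buckscc,DC=gov,DC=uk' is a user
09/02/2011 15:15:57  ldap reports = 0 (Success)
09/02/2011 15:15:57  User added to list.
"""

CHECK = re.compile(r"Checking if dn '(.*)' is a (group|user)\s*$")
LDAP = re.compile(r"ldap reports = (\d+)")

def user_check_outcomes(log_text):
    """Map each DN that got an 'is a user' check to (ldap_code, outcome)."""
    results, current = {}, None
    for line in log_text.splitlines():
        m = CHECK.search(line)
        if m:
            dn, kind = m.groups()
            # Only follow result lines that belong to a user check.
            current = dn if kind == "user" else None
            if current:
                results[current] = [None, "unknown"]
        elif current is not None:
            m = LDAP.search(line)
            if m:
                results[current][0] = int(m.group(1))
            elif "failed - not a user" in line:
                results[current][1] = "rejected"
            elif "User added to list" in line:
                results[current][1] = "added"
    return {dn: tuple(v) for dn, v in results.items()}

def leading_rdn(dn):
    """First RDN of a DN; splits only on commas not escaped with a backslash."""
    return re.split(r"(?<!\\),", dn, maxsplit=1)[0]

def rejected_despite_ldap_success(log_text):
    """Leading RDNs of entries that LDAP returned fine but the sync rejected."""
    return [leading_rdn(dn) for dn, (code, outcome)
            in user_check_outcomes(log_text).items()
            if code == 0 and outcome == "rejected"]
```

Running `rejected_despite_ldap_success()` over a full sync log gives the list of affected accounts in one pass, which is easier to compare against the working account than scrolling the raw log.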