LDAP attribute not working for 1 user

Created: 14 Oct 2011 • Updated: 04 Nov 2011 | 2 comments
Julian_M
This issue has been solved. See solution.

Configured LDAP attribute "memberOf" to match directory users to policy.

One user is not being matched although he was added to the Active Directory group. All the rest of the group members are matched.

Sarah Mays

The first thing I would do is turn on debug logging to see why PGP Universal Server is unable to group this user correctly.

http://www.symantec.com/business/support/index?pag...

It would be helpful to know which version of PGP Universal Server you are running. Previous versions (pre-3.0, I think) had some serious issues with LDAP referrals and being unable to add users appropriately without first manually adding the user to a consumer group and then having the user re-enroll.

After you turn on debug logging, have the user re-enroll again and watch the groups and client logs.

A side note: if a user enrolls before they can be put into the correct AD group, it will take 6-12 hours for PGP Universal Server (I'm running 3.1.2; I don't know if this is still an issue with 3.2) to re-group consumers. There's a workaround to force the Universal Server to re-group consumers. It requires SSH access and using the pgpgrouptool.

SOLUTION
Julian_M

Thanks a lot for the information!
