Checked with domain admin. No changes have been made at AD at all.
I found something else too. I deleted that LDAP group and also LDAP user. Then tried to login and gave me same message. So this message appears when user from AD is trying to login to Unity, but is not have been added to Unity as an LDAP user. Even if user has been added as through an LDAP group, it's not working. But once user has been added as an LDAP user to Unity, it works fine.
So I am thinking even though it says role mapping successful for adding an LDAP group, it is actually not adding that group.
kkra1
1 Rookie
•
9 Posts
0
October 20th, 2016 12:00
https://support.emc.com/kb/489436
Found this kb and it solved my issue. LDAP group name is case sensitive.
But, still it should have just shown as failed role mapping instead of successful.
Anyhow, it is working now.
maniemc
169 Posts
1
October 19th, 2016 05:00
it looks like, user is ok but the group membership is not able to validate/verify.
Something must have changed at the AD - can you check the group details with the domain admin, including any audit history of what is changed?
kkra1
1 Rookie
•
9 Posts
0
October 20th, 2016 09:00
Thank you maniemc for reply.
Checked with domain admin. No changes have been made at AD at all.
I found something else too. I deleted that LDAP group and also LDAP user. Then tried to login and gave me same message. So this message appears when user from AD is trying to login to Unity, but is not have been added to Unity as an LDAP user. Even if user has been added as through an LDAP group, it's not working. But once user has been added as an LDAP user to Unity, it works fine.
So I am thinking even though it says role mapping successful for adding an LDAP group, it is actually not adding that group.
Thank you!
Rainer_EMC
4 Operator
•
8.6K Posts
1
October 20th, 2016 13:00
thanks for the feedback
yes some things in Unix are historically case sensitive
Windows is more often just case preserving