Guest

Preview Tool

Cisco Bug: CSCte80006 - Issue With Importing Users from proxy Ldap Store

Last Modified

Feb 23, 2010

Products (1)

  • Cisco Policy Administration Point

Known Affected Releases

3.2

Description (partial)

Symptom:

We are using an LDAP proxy that returns LDAP data from an Active
Directory user store.  We have configured the LDAP proxy as a User Attribute Source in the
PAP.  When we try to import users using this source, no users are returned.  When we use
the same search filters to find users from a User Attribute Source configured to use the
Active Directory LDAp store directly, users are returned and we can import them.  We have
confirmed through tcpdump that the PAP is connecting to the LDAP Proxy successfully and
bringing back data to the PAP.  We think that the issue is with the sAMAccountName
attribute as processed by the PAP.  We noticed that when we use ldapsearch to search for
users going directly against the AD server the attribute is returned in mixed case (
sAMAccountName ).  However when we use ldapsearch to search for users while binding to the
proxy, we noticed that the attribute is returned in all lower case ( samaccountname ).  We
think that PAP is searching for this attribute in a caseSensitive manner, and this is why
the no users are being return. 

Conditions:NA
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.