Guest

Preview Tool

Cisco Bug: CSCvu80236 - retrieve AD attributes when user account is locked

Last Modified

Jun 30, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.906)

Description (partial)

Symptom:
when an Active directory account is LOCKED, ISE doesn't retrieve any AD attributes linked to that account. i.e : Active Directory groups membership or Authorization profile attributes.
this is expected as ISE AD runtime will fail identity resolution when attempting AD lookups on a locked or disabled user account.

Conditions:
user is locked in AD
authorization rules has AD attribute condition
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.