Last Modified: May 01, 2020
Opened: Aug 10, 2016
A BIG-IQ is configured for LDAP authentication and roles are assigned to different groups. When a user tries to log in, the authentication is successful but the user does not get the role specified for its group.
The BIG-IQ user logged in via ldap is got getting the role it should be based on its ldap group membership.
BIG-IQ is using an ldap server that is not not allow the user to request its group membership.
The BIG-IQ can assign the role directly to the user, rather than via the ldap group.
BIG-IQ has changed the way it binds to the ldap server such that it no longer requires that the user has visibility into its group membership.