LDAP Integration cannot find user ID

Document ID : KB000095271
Last Modified Date : 09/05/2018
Issue:
hub LDAP integration, user not found

When searching through the hub logs, it appears that the ID is located, lists the groups that the account is a member of, but fails afterwards. The account name is "abcd." The ID is a member of a group that we use for access and ACL setup. The groups are flat, and other IDs that are members of it can log in fine. It is also located in a sub OU of where we have the LDAP search configured in the hub settings.
Environment:
- UIM 8.5.1
Cause:
Workstation logon controls.

In this case, a userWorkstations attribute was set in AD to allow that ID to log in to only a few specific workstations.

Since the authentication is being passed through the Primary Hub, that was the reason it was getting blocked.

Short term workaround:
- Create a local user with a matching LAN password.

 
Resolution:
Modify the AD rule to allow the user to log in to the UMP machine.

userWorkstations attribute

Contains the NetBIOS or DNS names of the computers from which the user can log on. Multiple names are separated by commas.
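
One way to check and correct the restriction with the ActiveDirectory PowerShell module (an added example, not part of the original article). The host name UIMHOST01 is a placeholder for the machine that performs the LDAP bind; the account name is the one from the issue description.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to modify the user object.
Import-Module ActiveDirectory

$SamAccountName = 'abcd'        # account name from the issue description
$HostToAllow    = 'UIMHOST01'   # placeholder: name of the machine performing the LDAP bind

# userWorkstations is not returned by default, so request it explicitly.
$user = Get-ADUser -Identity $SamAccountName -Properties userWorkstations

if ([string]::IsNullOrWhiteSpace($user.userWorkstations)) {
    # An empty or missing value means the account is not restricted by workstation.
    Write-Output "$SamAccountName has no workstation logon restriction."
}
else {
    # The attribute is a single comma-separated string; split and trim each entry.
    $allowed = @($user.userWorkstations -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })
    Write-Output "Allowed workstations: $($allowed -join ', ')"

    # -contains compares strings case-insensitively.
    if ($allowed -contains $HostToAllow) {
        Write-Output "$HostToAllow is already permitted for $SamAccountName."
    }
    else {
        # Append the host and keep the existing entries intact.
        $newValue = ($allowed + $HostToAllow) -join ','
        # -WhatIf previews the change; remove it to apply.
        Set-ADUser -Identity $user -Replace @{ userWorkstations = $newValue } -WhatIf
    }
}
```

Run it first with -WhatIf in place to confirm the resulting list before applying the change.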

Additional Information:
Reference:
https://msdn.microsoft.com/en-us/library/ms680868(v=vs.85).aspx