Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

LDAP Auth, LDAP Query with UPN fails

Go to solution
The-messenger
Cirrostratus
Cirrostratus

‎20-Jul-2022 07:02

I have a basic policy using LDAP auth and UPN, this works fine, auth is successful.  The LDAP query appears to be successful but moves to fallback.  

LDAP Query and Auth Searchfilter set to  (userPrincipalName=%{session.logon.last.username}) 
LDAP Query and Auth SearchDN set to OU=sites,DC=domain,DC=local  

Branch rule set to expr {[mcget {session.ldap.last.attr.memberOf}] contains "Intune-Test"}

EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_auth_ag.authresult' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_auth_ag.errmsg' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_auth_ag.errmsgext' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_auth_ag.totalEntries' set to '0'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.dn' set to 'CN=User Name,OU=Users,OU=NSC,OU=sites,DC=domain,DC=local'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.memberOf' set to '#{Session_Variable_Value}'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.objectClass' set to '| top | person | organizationalPerson | user |'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.objectSid' set to '0x01024254324540053453E679278BB1B516836C7DAE0100'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.sAMAccountName' set to 'user'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.attr.userPrincipalName' set to 'user@domain.com'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.errmsg' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.errmsgext' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.queryresult' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.EAS-Outlook.access_act_ldap_query_ag.totalEntries' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.dn' set to 'CN=User Name,OU=Users,OU=NSC,OU=sites,DC=domain,DC=local'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.memberOf' set to '#{Session_Variable_Value}'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.objectClass' set to '| top | person | organizationalPerson | user |'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.objectSid' set to '0x01024254324540053453E679278BB1B516836C7DAE0100'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.sAMAccountName' set to 'user'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.attr.userPrincipalName' set to 'user@domain.com'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.authresult' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.errmsg' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.errmsgext' set to ' '
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.queryresult' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.ldap.last.totalEntries' set to '1'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.logon.page.errorcode' set to '0'
EAS-Outlook.access:Common:6e95b221: Session variable 'session.policy.result' set to 'deny'

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
The-messenger
Cirrostratus
Cirrostratus

‎21-Jul-2022 07:39

The problem I had here was the memberOf group I was using for testing.   Tested with another group and it's good.

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
The-messenger
Cirrostratus
Cirrostratus

‎21-Jul-2022 07:39

The problem I had here was the memberOf group I was using for testing.   Tested with another group and it's good.

0 Kudos
Copyright © 2023 Khoros, LLC