Empty groups after LDAP group synchronization due to incorrect group scope

Article ID: KB0079470

Products: Spotfire Server
Versions: All Versions

Description

When the global catalog port is used in the LDAP configuration of TIBCO Spotfire Server and group synchronization is enabled, some groups come in empty after a completed synchronization, with no users under them.

Issue/Introduction

How group scope plays a role during LDAP group synchronization

Resolution

Other causes are possible, such as the LDAP bind account having insufficient privileges to read the member/memberOf properties on the user and group objects, but one potential cause is the scope defined on the group object in the directory.

To resolve, change the group scope from "Global" to "Universal". If the global catalog is used in the LDAP configuration, the group scope has to be "Universal".
How to change group scope of the group in AD
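
One way to find the affected groups and change their scope with the ActiveDirectory PowerShell module, as an added example that is not part of the original article. The search base DN is a placeholder assumption; by default the script only previews the change.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder DN (assumption): the OU that the Spotfire group sync reads from.
$SearchBase = 'OU=SpotfireGroups,DC=example,DC=com'
# Leave $false to preview with -WhatIf; set to $true to apply the change.
$Apply = $false

# Groups with Global scope are the candidates for syncing empty over the global catalog port.
$globalGroups = Get-ADGroup -SearchBase $SearchBase -Filter 'GroupScope -eq "Global"' `
    -Properties member, memberOf

foreach ($group in $globalGroups) {
    # AD rejects Global -> Universal while the group is itself a member of
    # another Global group, so look for such parents first.
    $globalParents = @($group.memberOf |
        ForEach-Object { Get-ADGroup -Identity $_ -ErrorAction SilentlyContinue } |
        Where-Object { $_.GroupScope -eq 'Global' })

    # Report what was found so the change can be reviewed before it is applied.
    [pscustomobject]@{
        Name        = $group.Name
        Scope       = $group.GroupScope
        MemberCount = $group.member.Count
        BlockedBy   = ($globalParents.Name -join ', ')
    }

    # Skip groups that cannot be converted until the listed parents are dealt with.
    if ($globalParents.Count -gt 0) { continue }

    Set-ADGroup -Identity $group.DistinguishedName -GroupScope Universal -WhatIf:(-not $Apply)
}
```

A non-zero MemberCount on a group that arrives empty in Spotfire points to scope rather than bind-account permissions as the cause.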

Additional Information

Group Scope:
KB: Difference between using the default port 389 and default Global Catalog port 3289 in a Spotfire LDAP configuration.