Fail to get Active Directory users groups

Issue:

In the Admin, when Pyramid roles are assigned to AD groups, a role fails to propagate to the user when the AD group name contains special characters, such as "/".

Symptoms:

The user doesn't have permissions to content they should be able to see.

When reviewing the roles assigned to that user, you see that the '(Group)' role is missing.

In the admin logs:

"user dan failed its user groups update. message - Failed to retrieve groups for user: 4df48b4e-377a-4ec6-b102-176c1fef75f2 (dan) Caused by: Failed to retrieve groups for user: 4df48b4e-377a-4ec6-b102-176c1fef75f2 (testingAdmin) at pyramid.infra.auth.ldap.ADLdapGroupsForUsersIterator.getUserGroups"

Solution:

Check that none of the AD groups assigned to the users has a slash (\) in its name (or any other special character).
If one does, rename the AD group to remove that special character, then check again in Pyramid to see whether the users get the required roles.

Note that the user group retrieval runs periodically, so to run it immediately, run a provisioning job.
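
One way to run the check above across the directory, as an added example that is not Pyramid's own tooling. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function names are hypothetical, and the character set is an assumption (the characters that need escaping in an LDAP distinguished name, plus "/"), since the article does not list which characters are affected.

```powershell
# Added example: list AD groups whose names contain special characters.
Import-Module ActiveDirectory

# Assumed character set: DN-escaped characters plus the forward slash.
$SpecialChars = [char[]]',\#+<>;"=/'

function Get-SpecialCharsInName {
    param([Parameter(Mandatory)][string]$Name)
    # Distinct special characters present in the name (nothing if the name is clean).
    $Name.ToCharArray() | Where-Object { $SpecialChars -contains $_ } | Select-Object -Unique
}

function Find-SuspectGroup {
    # Optional: restrict the report to the direct group memberships of one user.
    param([string]$SamAccountName)

    $groups = Get-ADGroup -Filter *
    if ($SamAccountName) {
        # MemberOf holds direct memberships only; nested and primary groups are not included.
        $memberOf = (Get-ADUser -Identity $SamAccountName -Properties MemberOf).MemberOf
        $groups = $groups | Where-Object { $memberOf -contains $_.DistinguishedName }
    }

    foreach ($g in $groups) {
        $hits = @(Get-SpecialCharsInName -Name $g.Name)
        # Leading or trailing spaces are easy to miss, so report them too.
        $padded = $g.Name -ne $g.Name.Trim()
        if ($hits.Count -gt 0 -or $padded) {
            [pscustomobject]@{
                Group             = $g.Name
                SpecialCharacters = -join $hits
                PaddedWithSpaces  = $padded
                DistinguishedName = $g.DistinguishedName
            }
        }
    }
}

# 'dan' is the user named in the log line above; omit the parameter to audit every group.
Find-SuspectGroup -SamAccountName 'dan' | Format-Table -AutoSize
```

After renaming any group the report lists, run a provisioning job so the roles are re-evaluated immediately.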