https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298630#M824149 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>Check with Auth Test to see what attributes are being returned with your LDAP server.</P><P></P><P>Faisal</P></BODY></HTML> Sun, 25 Oct 2009 03:06:10 GMT Faisal Sehbai 2009-10-25T03:06:10Z https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298629#M824129 <P>Hi, </P><P>I've configured AD SSO and chose "ldap lookup server" to none and everything worked fine and put all users to default role in AD SSO configuration. </P><P>Now I need to configure different user role based on user membership in AD. So I configured lookup server and add it to AD SSO server. then confiured mapping rules and put "memberof" attribute in LDAP. But it doesn't work. still all users login to the default role, and it seems LDAP lookup server and mapping rules doesn't receive memberof attribute from AD. </P><P>any suggestion would be very appreciated. </P><P>thanks </P><P>Alex</P><P></P> Fri, 21 Feb 2020 11:45:27 GMT https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298629#M824129 alex goshtaei 2020-02-21T11:45:27Z https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298630#M824149 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>Check with Auth Test to see what attributes are being returned with your LDAP server.</P><P></P><P>Faisal</P></BODY></HTML> Sun, 25 Oct 2009 03:06:10 GMT https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298630#M824149 Faisal Sehbai 2009-10-25T03:06:10Z https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298631#M824159 <HTML><HEAD></HEAD><BODY><P>Hi Faisal, </P><P>in auth test tab, I don't see AD SSO or lookup server as provider. </P><P>thanks again, </P><P>Alex</P><P></P></BODY></HTML> Mon, 26 Oct 2009 21:30:30 GMT https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298631#M824159 alex goshtaei 2009-10-26T21:30:30Z https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298632#M824205 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>Depends on the version if they would be visible or not, but you can also setup a LDAP lookup server with the same settings as your lookup server and do an auth test with that.</P><P></P><P>HTH,</P><P>Faisal</P></BODY></HTML> Mon, 26 Oct 2009 23:14:02 GMT https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298632#M824205 Faisal Sehbai 2009-10-26T23:14:02Z https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298633#M824222 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>Check your string, it must be "memberOf", use capital "O". also, there must be no spaces in between your search strings, e.g. CN=abcd,DN=abcd</P><P></P><P>Hope this helps,</P><P>Dan</P></BODY></HTML> Tue, 27 Oct 2009 06:02:16 GMT https://community.cisco.com/t5/network-security/nac-ad-sso-mapping-rules/m-p/1298633#M824222 rc.castillo 2009-10-27T06:02:16Z