10-11-2022 03:52 AM - edited 10-11-2022 04:13 AM
Hello,
We have Cisco FMC, version is 7.0.1
I would like to configure access to the FMC based on AD Groups, integration done thought LDAP. At this moment we have 2 AD groups:
First - Full Access (Grant-FMC-Admin), Second - Read Only Security Analyst (Grant-FMC-ReadOnly)
You can see configuration on the screenshot.
There is test result:
As I have discovered, some users can login, some no. What is the problem?
Solved! Go to Solution.
10-11-2022 06:08 AM
The issue seems to be related to hitting the maximum limit of query size limit as stated on the error. I would try to use a more specific base DN instead of the root one, and also a base filter that would match all the queried users.
10-11-2022 04:47 AM
This looks for me more of AD side users need to verify they are in correct Group
compare working vs not working so you see the different in user profiles in AD ?
10-11-2022 07:05 AM
For example, User1 can be member of Grant-FMC-Admin\Grant-FMC-ReadOnly and this user will have correct assigned role. But User2 can be member of Grant-FMC-Admin\Grant-FMC-ReadOnly and this user can't login at all.
10-11-2022 06:08 AM
The issue seems to be related to hitting the maximum limit of query size limit as stated on the error. I would try to use a more specific base DN instead of the root one, and also a base filter that would match all the queried users.
10-11-2022 08:12 AM
I tried to be more specific, but situation is the same.
10-11-2022 08:14 AM
How and what do I need to check regarding these 67 users? These users are created in such way as another 550...
10-11-2022 08:45 AM
I don't personally think the issue is related to the users' attributes, I think it is just the size limit that is getting hits. Did you also try the base filter?
10-12-2022 05:53 AM
You was right, I done more specific Base DN and now works. Thanks.
10-12-2022 05:57 AM
Glad to hear this has been fixed now and you're welcome.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: