Support Center > Search Results > SecureKnowledge Details
Users are not matched against their LDAP directory after upgrade of Security Management Server to R80 / R80.10, if some of the LDAP configuration fields contain non-English characters
Symptoms
  • The authentication fails against the user's directory, which is represented by LDAP Account Units with Domain field defined in non-English characters.

  • Authentication / Authorization fails against the user's directory, which is represented by LDAP Account Units with Branches defined in non-English characters.

  • Authorization (Branch / Group membership) fails for LDAP Groups with fields defined in non-English characters (rule matching on those users will be skipped).

  • Query to Active Directory fails and the Kerberos Single Sign On is enabled, and its account name defined in non-English characters.

Cause

R80 / R80.10 Security Management Server uses the Unicode character set and the UTF-8 encoding to store non-English characters.

SmartDashboard R77.X and lower allows the user to use encodings other than UTF-8 for non-English characters in some properties of LDAP Account Unit and LDAP Group.

If these fields contained non-English characters (e.g., Russian, Japanese, Chinese, Korean, etc.) before the upgrade to R80 / R80.10, then they will become corrupted during policy installation on R80 / R80.10 Security Management Server.

The relevant fields are (example is given for Russian characters):

  • LDAP Account Unit properties - "General" tab - "Domain" field:

  • LDAP Account Unit properties - "General" tab - "Active Directory SSO configuration" button - "Account Name" field:

  • LDAP Account Unit properties - "Objects Management" tab - "Branches in use" field - "CN":

  • LDAP Group properties:


Solution
Note: To view this solution you need to Sign In .