Nested groups are not fetched on state 2
Symptoms
  • In Identity Awareness, some access policy rules with Access Roles are not matched
  • The command 'pdp monitor user XXX' shows that direct groups are fetched correctly, but nested groups are not fetched
  • The command 'pdp nested_groups status' shows 'Enabled - mode 2'
  • LDAP query is sent over port 389 or 636
  • Pdpd debug ('pdp debug set all all') shows an empty DN: [RootId = 74822] server = Server_name, Search[ dn = '', Params[ scope = 2, filter = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=CN=User,CN=Users,DC=example,DC=com) )'
Cause
When the query is sent over port 389 or 636, the LDAP server expects to receive a base distinguished name (DN). The Security Gateway does not send it.
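To confirm this cause in a captured pdpd debug, the following added example (not Check Point code) scans debug lines for nested-group searches sent with an empty base DN. The line layout is taken from the single debug line shown under Symptoms; the second and third sample lines and all function names are constructed for illustration.

```python
import re

# OID of the chain-matching rule that appears in the nested-group filter on this page.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# Layout assumed from the one pdpd debug line quoted under Symptoms.
SEARCH_RE = re.compile(
    r"server\s*=\s*(?P<server>[^,]+),\s*"
    r"Search\[\s*dn\s*=\s*'(?P<dn>[^']*)'\s*,\s*"
    r"Params\[\s*scope\s*=\s*(?P<scope>\d+)\s*,\s*"
    r"filter\s*=\s*'(?P<filter>[^']*)'"
)
MEMBER_RE = re.compile(r"member:" + re.escape(IN_CHAIN_OID) + r":=([^)]*)")

def parse_search(line):
    """Return server, base DN, scope and filter of an LDAP search debug line, or None."""
    m = SEARCH_RE.search(line)
    if m is None:
        return None
    return {"server": m["server"].strip(), "dn": m["dn"],
            "scope": int(m["scope"]), "filter": m["filter"]}

def find_empty_base_nested_queries(lines):
    """List (line number, server, user DN) for nested-group searches with dn = ''."""
    hits = []
    for number, line in enumerate(lines, 1):
        search = parse_search(line)
        if search is None or search["dn"] != "":
            continue  # not a search line, or a base DN was sent
        member = MEMBER_RE.search(search["filter"])
        if member:  # only the nested-group (chain-matching) lookups matter here
            hits.append((number, search["server"], member.group(1).strip()))
    return hits

SAMPLE = [
    # Line 1 is the debug line from the page; lines 2 and 3 are constructed.
    "[RootId = 74822] server = Server_name, Search[ dn = '', Params[ scope = 2, "
    "filter = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:="
    "CN=User,CN=Users,DC=example,DC=com) )'",
    "[RootId = 74823] server = Server_name, Search[ dn = 'DC=example,DC=com', "
    "Params[ scope = 2, filter = '(&(objectCategory=group)"
    "(member:1.2.840.113556.1.4.1941:=CN=User,CN=Users,DC=example,DC=com))'",
    "[RootId = 74824] constructed unrelated debug line",
]

if __name__ == "__main__":
    for number, server, user_dn in find_empty_base_nested_queries(SAMPLE):
        print(f"line {number}: empty base DN sent to {server} for {user_dn}")
```

Each hit names the LDAP server and the user whose nested groups were not resolved, which identifies the Access Role rules that will fail to match for that user.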
Solution
Note: To view this solution you need to Sign In.