Symantec Access Management

 View Only
  • 1.  SM 12.7 AD memberof

    Posted Aug 16, 2018 04:45 PM



    I have a response with <%userattr="memberof" %>

    Pulled out AD of user group1^group2^group3^

    The user has 20 groups. 

    It works perfectly in SM 12.0x environment.

    But when we move to 12.7 environment. Only 1 group is pulled out. Sometimes no group is pulled out.


    Is it a known problem?

    Is it a configuration problem? Or something Internal? Can you point us some direction for further investigation?


    Thanks and regards,

  • 2.  Re:  SM 12.7 AD memberof
    Best Answer

    Broadcom Employee
    Posted Aug 16, 2018 08:10 PM

    Hi Eric,


    Have you tried using memberOf rather than memberof? 


    There was a bug with 12.7SP2 where this was made unintentionally case sensitive. I am not sure if it also was in older releases. It is fixed in code and will be in the next release.


    Can I suggest you try using memberOf? If this works and you are happy with the work around then personally, I would wait for the next release. There is a dev fix which might fix this for you (sorry, I am unaware of the full details of either your situation or the defect so cannot say for certain) then log a case with support and mention that it sounds like DE356875 (or just refer to this thread ).


    Thanks, Simon.

  • 3.  Re:  SM 12.7 AD memberof

    Posted Aug 16, 2018 09:22 PM

    Thank you.

    Have logged a case

  • 4.  Re:  SM 12.7 AD memberof

    Posted Aug 16, 2018 11:44 PM

    Hi Eric,


    Refer : SSO R12.52 SP1 CR08 Issue with retrieving attribu - CA Knowledge 


    This is caused by a known Defect where the lookup for the user attribute was case sensitive.



    Leo Joseph.

  • 5.  Re:  SM 12.7 AD memberof

    Broadcom Employee
    Posted Aug 17, 2018 09:12 AM

    Hi ,


    Per Simon , we had a defect reported for the attribute being case sensitive.

    However, from your Description, you mentioned that one Group is returned and sometimes none.

    if you were hitting the Defect, Then no groups should be returned at all .


    For this, within the CA Support Case, they will be able to analyze the logs and see what is happening 



  • 6.  Re:  SM 12.7 AD memberof

    Posted Aug 17, 2018 12:16 PM

    wirks now using memberOf