Article Number
000030675
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.0.x, 10.4.1, 10.5.0, 10.5.0.1
Platform: CentOS
Issue
When using pam authentication and attempting to locate an external user group (which has been verified to exist using ldapsearch), the Security Analytics UI times out after 30 seconds, even though the group is valid.
Cause
This has been determined to be a product defect in the Security Analytics API search mechanism. The external Active Directory group is returned to the SA server (as verified when viewing a tcpdump), but is not displayed in the UI.
Resolution
This defect is slated to be corrected in 10.4.1.2 and in 10.5.1. A hotfix is available for 10.5.0.1. To obtain the hotfix, contact RSA customer support.
Notes
To verify that the user group exists, use ldapsearch from the command line, example:
ldapsearch -x -L -h <ad hostname or ip> -p <ad port number> -b dc=<mycompany>,dc=<com> -D <admins, upn, such as admin@mydomain.com> -W cn=<ad group name>*
ldapsearch -x -L -h ad.mycompany.com -p 3268 -b dc=mycompany,dc=com -D admin@mydomain.com -W cn=SecurityAnalyticsUsers
Adjust all items in <> to the environments' Active Directory server accordingly. This will verify that the group being searched can be found and that there is no other rudimentary connectivity issue to Active Directory.
