Query to AD LDAP for UNIX user returns incorrect primary GID
Applies to
- ONTAP 9
- LDAP
- Centrify
Issue
- When running the access-check authentication show-creds command to validate a UNIX user's credential and mapping, the user's primary group appears to be incorrect
- The LDAP server is Active Directory LDAP utilizing UNIX attributes, and the correct primary GID is populated in the user's gidNumber UNIX attribute
- The LDAP server also utilizes Centrify zones to maintain multiple different sets of attributes for each user
- The incorrect primary group (from the show-creds command) correlates to one of the Centrify zones' gidNumber values for the same user
- The schema as shown in the output of ldap client show -fields schema is RFC-2307