FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 196040
Description
A user does not match a User Host Profile that requires an LDAP group.
This prevents the policy from matching.

Scope
Version: 8.x.

Solution
Verify the following:

1.  Ensure the user record is an LDAP user and not a local record.
     Admin Users
     UI Method:  The user account has Auth Type = LDAP.  This can be verified under Users > Admin Users.
     CLI Method: DumpUserRecords -userid <username> | grep -i AuthenticateType
     (If something other than LDAP is returned, it is not an LDAP record.)

     Standard Users
     UI Method:
     a. Navigate to Users > User View.
     b. Search for the user record.
     c. Right-click and select Modify User.
         If the record contains a modifiable password field, the record is a local record, not LDAP.

     CLI Method: DumpUserRecords -userid <username> | grep -i AuthenticateType
     (If something other than LDAP is returned, it is not an LDAP record.)

2.  The user has group membership in Active Directory for the group used in the User Host Profile.
3.  The user is searchable using System > Settings > Authentication > LDAP > Preview.
4.  The group used in the User Host Profile is selected under System > Settings > Authentication > LDAP > Modify > Select Group.
5.  A resync of the directory has been performed under System > Scheduler > Synchronize users with directory.



Solution:
If the user is a local record, do the following:
1.  Navigate to Users > Admin Users or Users > User View and delete the user account.
2.  Re-add the user by clicking Add and entering the User ID.  If found in the directory, the system will indicate the User ID was found in the directory.  

Contact Support for additional assistance. Open a support ticket and include the following:
  • Problem description
  • Steps taken to troubleshoot the issue
  • Screen capture of Policy Details (search for the host under Hosts > Host View, right-click the host and select Policy Details)
  • Screen capture of the policy the host is supposed to match (Policy > Policy Configuration)
  • Screen capture of the User Host Profile used by the policy
  • Screen capture of Help > About
  • Output of DumpUserRecords -id <username>
