Jump to content
Welcome to our new Citrix community!

Two ldap Authentication Policies


Pablo Heras

Recommended Posts

What is the use of having two LDAP authentication policies with the same priority and the same server and which difference would contain two primaries with the same priority?
I suppose that if the two are primary and have a different priority, the one with the least priority will work if the first fails. But I do not understand the operation with two LDAP policies. I have seen an example where two policies had a primary with priority 100 and another secondary with priority 100 also against the same server in the same domain. Also, in this case, the authentication failed with the secondary and authentication was denied, and when the primary has been left, it has only worked. It is possible that there was something more in high school but if the primary worked well it would not have to fail.

Link to comment
Share on other sites

Assuming this is using the classic policy engine, priorities at one point were optional and not required. So if both are at same priority on the same bind point (same vpn vserver or same vpn global/system global), then it works as if no priority is specified and the one bound first (top of list) is processed before the other.

 

Ideally, you use priorities and make sure they are separate.  In the advanced/default engine, priorities are required and mandated to be unique within a bind point so it avoids this problem. Also confirm the authentication details in the ldap actions are in fact the same and not trying two different things.  Or someone made a mistake.

 

The above is just a guess.  Show the running config to see the bindings; someone may have been converting classic to advanced or bound the policies to different entities or the actions may be switching from UPN to samaccount name so they were trying to cascade from one to the other. 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...