Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Empty groups after LDAP group synchronization due to incorrect group scope

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

Empty groups after LDAP group synchronization due to incorrect group scope


Solution:

When using global catalog port in your LDAP configuration on your TIBCO Spotfire Server configuration with group sync enabled, after a completed synchronization there are some groups which are coming in empty without any users under those groups. There may be other possible causes such as the LDAP bind account having insufficient privileges to read the member/memberOf properties on the user and group objects, but one potential issue is the scope defined on the group object in the directory.

To resolve, change the group scope from "Global" to "Universal". If the global catalog is used in the LDAP configuration then the group scope has to be "Universal".
How to change group scope of the group in AD Group Scope:


KB: Difference between using the default port 389 and default Global Catalog port 3289 in a Spotfire LDAP configuration.

Related articles