Hotfix v5.5.1.2657 for Active Directory Nested Groups

 

Known Issue

Affected Versions

v5.5.0.2551, v5.5.1.2643.

Affected Components

XCM, CSG.

Affected Features

AD Connector, "Enable Nested Group Search" option.

Hotfix Available

Xona v5.5.1.2657 Hotfix Link: https://xona.files.com/f/60088e68bda12a06

Description

The LDAP query processing in affected versions of Xona can fail when users have special characters in their Distinguished Names (DNs) and the "Enable Nested Group Search" option is enabled in the associated AD Connector configuration. Users will see an "Unauthorized" message when attempting to log in using their AD account credentials.

Recommendations

  • For Xona deployments that need nested groups for Role-Based Access Control (RBAC) in Xona, the recommendation is to upgrade your XCM and/or CSGs to v5.5.1.2657. This version of Xona was released as a hotfix and is fully supported for production use.

  • For Xona deployments that need AD nested groups for Role-Based Access Control (RBAC) in Xona but cannot upgrade immediately, the recommendation is to limit your use of AD accounts to ones without special characters in their names. Commas, parentheses, and asterisks are known to cause problems with LDAP query parsing in affected versions of Xona.

  • For Xona deployments that do not need AD nested groups for Role-Based Access Control (RBAC) in Xona, the recommendation is to turn off the nested group feature shown at the bottom of the AD Connector configuration page. This feature is enabled by default on the AD Connector configuration page in Xona versions v5.5.0.2551 and v5.5.1.2643.

  • For Xona deployments that are already using an AD Connector with Xona, your current AD Connector should be unaffected by this issue unless it was created while using Xona v5.5.0.2551 or v5.5.1.2643. In such cases, please refer to the other recommendations above.

  • No action is necessary for Xona deployments where local users and/or Single Sign-On (SSO) are used.
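
For deployments following the second recommendation, the sketch below is an added example (not Xona code) that flags exported AD Distinguished Names containing the characters this advisory names, and shows how RFC 4515 escapes such a DN when it is used as a value in an LDAP search filter. The sample DNs are constructed and all function names are hypothetical.

```python
import re

RISKY = ",()*"  # characters the advisory names: commas, parentheses, asterisks

def split_rdns(dn):
    """Split a DN string on unescaped commas (RFC 4514 writes a literal comma as '\\,')."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def rdn_value(rdn):
    """Unescape one RDN value. Hex pairs are decoded per byte, which is exact for
    ASCII and therefore sufficient for detecting the ASCII characters in RISKY."""
    raw = rdn.partition("=")[2]
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                  raw)

def risky_chars(dn):
    """Sorted list of advisory-named characters present in any RDN value of dn."""
    return sorted({c for rdn in split_rdns(dn) for c in rdn_value(rdn) if c in RISKY})

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

# Constructed sample DNs, as they might appear in an AD export.
SAMPLE_DNS = [
    "CN=Alice Jones,OU=Operators,DC=example,DC=com",
    "CN=Smith\\, John,OU=Operators,DC=example,DC=com",
    "CN=Bob Lee (Contractor),OU=Vendors,DC=example,DC=com",
    "CN=svc*backup,OU=Service,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        hits = risky_chars(dn)
        if hits:
            print("REVIEW", hits, dn, "-> filter value:", escape_filter_value(dn))
```

Accounts reported as REVIEW are the ones to avoid for Xona login on affected versions until the hotfix is applied.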

Additional Information

Unsure if this is required for your Xona deployment? Please reach out to support@xonasystems.com and we would be happy to discuss it with you.