Netscaler

Citrix NetScaler LDAP memberOf Authentication issue (pwdLastSet not found)

I encountered a problem where LDAP authentication with memberOf configured was not working, while without memberOf it worked.

Testing with logging enabled (shell, then cd /tmp, then cat aaad.debug) gives me these strange lines:

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[370]: receive_ldap_user_search_event Binding user… 1 entries

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[395]: receive_ldap_user_search_event User DN= <<CN=citrixtest,OU=TEST USERS,OU=ICT,DC=kbsfrb,DC=local>>

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[1334]: check_ad_expired_pass pwdLastSet not found, most likly not AD

The cause is that the group “Authenticated Users” is not a member of the group “Pre-Windows 2000 Compatible Access”, so the LDAP bind account used by the NetScaler could not read user attributes such as pwdLastSet and memberOf. After adding Authenticated Users to this group, the memberOf lookup worked.
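As an added example, not part of the original post and not NetScaler code, the following Python script parses aaad.debug lines of the form shown above and flags the pwdLastSet signature, so the same triage can be run over a saved copy of the log instead of reading it by eye. The three sample lines are the ones from this post, embedded as constructed input; the signature table and the function names (`parse_aaad_line`, `triage_aaad_debug`) are my own.

```python
import re
import sys

# Constructed sample input: the three aaad.debug lines quoted in the post.
SAMPLE_AAAD_DEBUG = """\
/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[370]: receive_ldap_user_search_event Binding user… 1 entries
/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[395]: receive_ldap_user_search_event User DN= <<CN=citrixtest,OU=TEST USERS,OU=ICT,DC=kbsfrb,DC=local>>
/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[1334]: check_ad_expired_pass pwdLastSet not found, most likly not AD
"""

# Each ldap_drv line has the shape:  <source file>[<line>]: <function> <message>
LINE_RE = re.compile(r"^(?P<file>\S+?)\[(?P<lineno>\d+)\]:\s+(?P<func>\w+)\s+(?P<msg>.*)$")
DN_RE = re.compile(r"<<(?P<dn>.+?)>>")            # "User DN= <<...>>"
ENTRIES_RE = re.compile(r"(?P<n>\d+)\s+entries")  # "Binding user… 1 entries"

# Known signatures: (function, message substring) -> what it usually means.
# Only the signature seen in the post is listed; extend as you collect more.
KNOWN_SIGNATURES = {
    ("check_ad_expired_pass", "pwdLastSet not found"):
        "bind account cannot read pwdLastSet (and typically memberOf) on the user object; "
        "check its read permission, e.g. membership of Pre-Windows 2000 Compatible Access",
}


def parse_aaad_line(line: str):
    """Split one aaad.debug line into file, line number, function and message; None if no match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "file": m.group("file"),
        "lineno": int(m.group("lineno")),
        "func": m.group("func"),
        "msg": m.group("msg"),
    }


def triage_aaad_debug(text: str) -> dict:
    """Walk a chunk of aaad.debug; report the user DN, search hit count and known problems."""
    report = {"user_dn": None, "entries": None, "findings": []}
    for line in text.splitlines():
        rec = parse_aaad_line(line)
        if rec is None:
            continue  # not an ldap_drv-style line, ignore it
        if rec["func"] == "receive_ldap_user_search_event":
            dn = DN_RE.search(rec["msg"])
            if dn:
                report["user_dn"] = dn.group("dn")
            hits = ENTRIES_RE.search(rec["msg"])
            if hits:
                report["entries"] = int(hits.group("n"))
        for (func, needle), meaning in KNOWN_SIGNATURES.items():
            if rec["func"] == func and needle in rec["msg"]:
                report["findings"].append(
                    {"lineno": rec["lineno"], "signature": needle, "meaning": meaning}
                )
    # A user search that matched nothing is a problem even without an explicit error line.
    if report["entries"] == 0:
        report["findings"].append(
            {"lineno": None, "signature": "0 entries",
             "meaning": "user search returned no object; check the search base and filter"}
        )
    return report


if __name__ == "__main__":
    # Read a saved log from stdin when piped in, otherwise triage the embedded sample.
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AAAD_DEBUG
    result = triage_aaad_debug(source)
    print(f"user DN : {result['user_dn']}")
    print(f"entries : {result['entries']}")
    for f in result["findings"]:
        print(f"finding : line {f['lineno']}: {f['signature']} -> {f['meaning']}")
```

Run it as `python3 triage_aaad.py < aaad.debug` against a copy of the log pulled from /tmp on the appliance. One caveat on the remedy itself: adding Authenticated Users to Pre-Windows 2000 Compatible Access gives every authenticated principal in the domain read access to user and group attributes. The narrower fix is to grant only the NetScaler LDAP bind account read permission on the relevant user OUs (or add just that account to the group); the membership can be confirmed from a domain controller with `Get-ADGroupMember -Identity "Pre-Windows 2000 Compatible Access"`.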


NetScaler shows 2 authentication fields with only 1 authentication policy defined

NetScaler Gateway shows 2 authentication fields on the login page even though only 1 LDAP policy is bound.


Comment out the line “form.append(field_pass2)” in both copies of the file:

/netscaler/ns_gui/vpn/js/gateway_login_form_view.js
/var/netscaler/gui/vpn/js/gateway_login_form_view.js

Example:

if (pwc == 2)
{
    // second password field disabled: only one LDAP policy is bound
    //form.append(field_pass2);
}