Citrix NetScaler LDAP memberOf Authentication issue (pwdLastSet not found)

I encountered a problem where LDAP authentication with memberOf configured was not working, while without memberOf it worked.

Testing with logging enabled (shell | cd /tmp | cat aaad.debug) gives me a strange line:

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[370]: receive_ldap_user_search_event Binding user… 1 entries

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[395]: receive_ldap_user_search_event User DN= <<CN=citrixtest,OU=TEST USERS,OU=ICT,DC=kbsfrb,DC=local>>

/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c[1334]: check_ad_expired_pass pwdLastSet not found, most likly not AD

The cause of this is that the group “Authenticated Users” is not a member of the group “Pre-Windows 2000 Compatible Access”. After adding Authenticated Users to this group, memberOf worked.
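
As an added example (not part of the original post and not Citrix tooling), the following Python script scans aaad.debug output for the pattern shown above: a user DN that was found, followed by the "pwdLastSet not found" line. It assumes adjacent lines belong to the same login attempt; the function name and the sample lines are constructed for illustration.

```python
import re

# Line layout as it appears in the aaad.debug excerpt above:
#   <source file>[<line>]: <function> <message>
LINE_RE = re.compile(r"^\S+\[\d+\]:\s+(?P<func>\w+)\s+(?P<msg>.*)$")
DN_RE = re.compile(r"User DN=\s*<<(?P<dn>.*?)>>")

SRC = "/home/build/rs_110_64_24_RTM/usr.src/netscaler/aaad/ldap_drv.c"

# Constructed sample modelled on the excerpt; the DNs are made up.
SAMPLE = [
    f"{SRC}[370]: receive_ldap_user_search_event Binding user… 1 entries",
    f"{SRC}[395]: receive_ldap_user_search_event User DN= <<CN=alice,OU=Test Users,DC=example,DC=local>>",
    f"{SRC}[1334]: check_ad_expired_pass pwdLastSet not found, most likly not AD",
    f"{SRC}[370]: receive_ldap_user_search_event Binding user… 1 entries",
    f"{SRC}[395]: receive_ldap_user_search_event User DN= <<CN=bob,OU=Test Users,DC=example,DC=local>>",
]


def users_missing_pwdlastset(lines):
    """Return DNs that were found by the search but for which the
    appliance then logged 'pwdLastSet not found'."""
    affected = []
    current_dn = None  # DN from the most recent 'User DN=' line
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrelated line
        func, msg = m.group("func"), m.group("msg")
        if func == "receive_ldap_user_search_event":
            dn = DN_RE.search(msg)
            if dn:
                current_dn = dn.group("dn")
        elif func == "check_ad_expired_pass" and "pwdLastSet not found" in msg:
            # Assumption: this line refers to the DN logged just before it.
            if current_dn and current_dn not in affected:
                affected.append(current_dn)
            current_dn = None
    return affected


if __name__ == "__main__":
    for dn in users_missing_pwdlastset(SAMPLE):
        print("pwdLastSet not returned for:", dn)
```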
