Users imported from AD become disabled
|Target version:||RapidDeploy - 5.0-FIX|
|Affects Version:||5.0-FIX||Additional version details:|
Have found very special thing when authenticating users with LDAP: if I set "ldap.sync.period=300000" then all users that are being imported from AD are periodically set to "User enabled: False". As I understand, each time when RD synchronizes with AD. If I change settings and enable user - it becomes active. But after next synchronization user is disabled again.
Of course, I will set the default synchronization time value to 86400000 but doesn't that after 24 hours all users will be blocked again?
If everything work as I see it then this is very critical place. Please check it as soon as You can.
Hi again. Some additional information.
After server is restarted users also become disabled.
And there is also problem with enabled users as well. I created an encrypted token for a user but user cannot be authenticated with that. But it also cannot be authenticated on RD server with login/password. Something is wrong here. :)
Strange thing. If I use specially created account - it cannot be authenticated. But if I use my own - it works. It's necessary to check what's the difference in how users are authenticated. Both accounts are discovered in RD automatically, so LDAP filter works fine. And it's strange that authentication goes wrong.
- Status changed from In Progress to Feedback
- Assignee changed from Rafael to Vadim
After our conversation today the ball is on your court now, please let us know any update from the LDAP team! :-)
And as usual, don't hesitate to open a new case if needed.
All problems reported here were just because of my fails.
1. Users were disabled on each LDAP synchronization because of a wrong LDAP filter (it had to work but it didn't).
2. "Special" user was not authenticated because of wrong LDAP data - its principal name was made in a different way than one of any casual users. And that's the difference with Jenkins - Jenkins does not check principal name. :)
So really there are no problems with Your system. Ticket can be closed.
Thank You for the great support!