Support #3568

Users imported from AD become disabled

Added by Vadim 4 months ago. Updated 3 months ago.

Status: Closed
Start date: 06/09/2020
Priority: Normal
Due date:
Assignee: Vadim
% Done: 0%
Category: -
Target version: RapidDeploy - 5.0-FIX
Affects Version: 5.0-FIX
Additional version details:
Timesheet Code:

Description

Hello.

I have found a very special thing when authenticating users with LDAP: if I set "ldap.sync.period=300000", then all users that are imported from AD are periodically set to "User enabled: False". As I understand it, this happens each time RD synchronizes with AD. If I change the settings and enable a user, it becomes active. But after the next synchronization the user is disabled again.

Of course, I will set the default synchronization time value to 86400000, but doesn't that mean that after 24 hours all users will be blocked again?

If everything works as I see it, then this is a very critical place. Please check it as soon as you can.

Best regards,
Vadim.

History

#1 Updated by Vadim 4 months ago

Hi again. Some additional information.

After the server is restarted, users also become disabled.

There is also a problem with enabled users. I created an encrypted token for a user, but the user cannot be authenticated with it. It also cannot be authenticated on the RD server with login/password. Something is wrong here. :)

Best regards,
Vadim.

#2 Updated by MidVision 4 months ago

  • Assignee set to Rafael

#3 Updated by Vadim 4 months ago

Hi, Rafael.

Strange thing. If I use a specially created account, it cannot be authenticated. But if I use my own, it works. It's necessary to check what the difference is in how users are authenticated. Both accounts are discovered in RD automatically, so the LDAP filter works fine. And it's strange that authentication goes wrong.

Best regards,
Vadim.

#4 Updated by Rafael 4 months ago

  • Status changed from New to In Progress
  • Target version set to 5.0-FIX

Hi Vadim,

Let's wait for Mariano to start his day and investigate.

We'll be in contact with you with any update.

Cheers!

Rafa

#5 Updated by Rafael 4 months ago

  • Status changed from In Progress to Feedback
  • Assignee changed from Rafael to Vadim

Hi Vadim,

After our conversation today the ball is in your court now. Please let us know of any update from the LDAP team! :-)

And as usual, don't hesitate to open a new case if needed.

Cheers!

Rafa

#6 Updated by Rafael 4 months ago

  • Priority changed from High to Normal

#7 Updated by Vadim 3 months ago

Hi Rafael.

All problems reported here were just because of my fails.
1. Users were disabled on each LDAP synchronization because of a wrong LDAP filter (it had to work but it didn't).
2. The "special" user was not authenticated because of wrong LDAP data - its principal name was made in a different way than that of any casual user. And that's the difference with Jenkins - Jenkins does not check the principal name. :)

So really there are no problems with your system. The ticket can be closed.

Thank You for the great support!

Best regards,
Vadim.

#8 Updated by Rafael 3 months ago

  • Status changed from Feedback to Closed

Hi Vadim,

Great news! :-)

I'm glad everything is under control. I'm closing this case as requested, but do not hesitate to open a new ticket if you need to.

Cheers!

Rafa
