LDAP validates all users, not just current user logging on.

KnightWare
Posts: 139
Joined: Sat Feb 10, 2018 12:56 am

LDAP validates all users, not just current user logging on.

Post by KnightWare »

I use LDAP for SSO in most of my apps. Just got a report this morning that an app would not let anyone sign on, "Invalid Credentials". I have one rule added to validate against 1 of 2 departments for access. Took a little while going thru logs but this is what I found. Of the 20 users of the app, one was changed to a different OU, one was changed to a different Department. So although the users reporting the issue were valid and used the app hundreds of times, because of these two specific users the app fails for a valid user with invalid login.

Why does the app validate Everyone in the security (RegularUsers) table, instead of just the one logging in? Is there a way to stop this?
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am

Re: LDAP validates all users, not just current user logging on.

Post by aware_support »

What is in your rule? Have you checked the rule log?
Aware IM Support Team
KnightWare
Posts: 139
Joined: Sat Feb 10, 2018 12:56 am

Re: LDAP validates all users, not just current user logging on.

Post by KnightWare »

It's not the rule, I disabled it to allow users from all departments. The issue is, if you look at the log, all users that have logged in are validated each time a user logs in. When I log in, it goes thru the entire Regular Users table for all users that have logged in. If one of them fails due to no longer being in the OU, or some other reason, I fail and am told invalid login. It should just be checking my login, but checks all previous logins.
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am

Re: LDAP validates all users, not just current user logging on.

Post by aware_support »

"When I log in, it goes thru the entire Regular Users table for all users that have logged in."

Who goes through the entire Regular User table if it's not the rule? And how do you know?
Aware IM Support Team
KnightWare
Posts: 139
Joined: Sat Feb 10, 2018 12:56 am

Re: LDAP validates all users, not just current user logging on.

Post by KnightWare »

The log. If I clear out the log (wrapper.log) and try to log in, the log will show my attempt. It finds my LDAP entry, but then starts down the list of everyone in the regular users who have logged in prior. If it gets to someone that has an issue, my login is denied. That’s what seems to be going on. I found the user who had changed departments and I removed them. I was then able to log in.
KnightWare
Posts: 139
Joined: Sat Feb 10, 2018 12:56 am

Re: LDAP validates all users, not just current user logging on.

Post by KnightWare »

Anyone using LDAP?