LDAP validates all users, not just current user logging on.

KnightWare

I use LDAP for SSO in most my apps. Just got a report this morning an app would not let anyone sign on, "Invalid Credentials". I have one rule added to validate against 1 of 2 departments for access. Took a little while going thru logs but this is what I found. Of the 20 users of the APP, one was changed to a different OU, one was changed to a different Department. SO although the users reporting the issue where valid and used the app hundreds of times, because of these two specif users the app fails for a valid user with invalid login.

Why does the app validate Everyone in the security (RegularUsers) table, instead of just the one logging in? Is there a way to stop this?

aware_support

What is in your rule? Have you checked the rule log?

KnightWare

It's not the rule, I disabled it to allow users from all departments. The issue is, if you look at the log, All users that have logged in are validated each time a user logs in. When I log in, it goes thru the entire Regular Users table for all users that have logged in. If one of them fail due to no longer being in the OU, or some other reason, I fail and told invalid login. It should just be checking my login, but checks all previous logins.

aware_support

"When I log in, it goes thru the entire Regular Users table for all users that have logged in."

Who goes through the entire Regular User table if it's not the rule? And how do you know?

KnightWare

The log. If I clear out the log (wrapper.log) and try to log in, the log will show my attempt. It finds my LDAP entry, but then starts down the list of everyone in the regular users who have logged in prior. If it gets to someone that has an issue, my login is denied. That’s what seems to be going on. I found the user who had changed departments and I removed them. I was then able to log in.

KnightWare

Anyone using LDAP?