[ale] LDAP Authentication Issue

JD jdp at algoloma.com
Wed May 14 13:51:27 EDT 2014


On 05/14/2014 01:34 PM, JD wrote:
> On 05/14/2014 11:59 AM, Sam Davis wrote:
>> Hello All,
>>
>>     I have to admit, I really don't know where to begin on this. LDAP has never
>> been my strong suit.  We use LDAP authentication for most of our servers.  We
>> have one user whom the client machines seem to forget about.  In order to
>> restore his account's functionality, I have to stop and then start nslcd. 
>> Sometimes the client machines do not even realize his account exists, sometimes
>> they know the account exists, but don't assign the correct group memberships. 
>> Other accounts are not impacted by this.  Does anyone have any idea where to
>> even begin looking into an issue like this?
> 
> I would look for conflicts between local accounts and the LDAP settings.
> 

And differences in allowed userid/passwords between the different systems.
We've used LDAP here for years, but I got burned when 1 webapp had a 32
character limit on password entries, but my normal passwords were 60+ characters
(yes, I use a password manager).  I used the same password across 7 different
systems just fine, but 1 never worked. It was too long.  This was strictly a
password entry issue since LDAP was performing the authentication.

Could also be that certain characters are allowed on the password change screen,
but not by specific login pages. In theory, this should be less and less a
problem. I haven't seen it in years.
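
An added example, not part of the thread: one way to look for the local-versus-LDAP account conflicts suggested above is to compare the two NSS sources on an affected client. The function name, output labels and sample entries are constructed; the inputs are assumed to be passwd(5)-format dumps such as `getent -s files passwd` and `getent -s ldap passwd` produce.

```shell
#!/bin/sh
# Added example: report accounts that collide between local files and LDAP.
# On a real client the two inputs would come from:
#   getent -s files passwd > local.txt
#   getent -s ldap  passwd > ldap.txt

find_conflicts() {
    # $1 = local passwd dump, $2 = LDAP passwd dump
    awk -F: '
        # Local file: remember name->uid and uid->name.
        FILENAME == ARGV[1] { luid[$1] = $3; lname[$3] = $1; next }
        # LDAP file: compare every entry against the local maps.
        ($1 in luid) && luid[$1] != $3 {
            printf "NAME_CONFLICT %s local_uid=%s ldap_uid=%s\n", $1, luid[$1], $3
        }
        ($1 in luid) && luid[$1] == $3 {
            # Same name and UID in both sources: the source listed first
            # in nsswitch.conf wins, hiding the other entry.
            printf "SHADOWED %s uid=%s\n", $1, $3
        }
        ($3 in lname) && lname[$3] != $1 {
            printf "UID_CONFLICT %s local_name=%s ldap_name=%s\n", $3, lname[$3], $1
        }
    ' "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data, not taken from the thread.
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:stale local copy:/home/alice:/bin/bash
backup:x:5002:5002:local service:/var/backups:/bin/sh
carol:x:5003:100:local duplicate:/home/carol:/bin/bash
EOF
    cat > "$tmp/ldap" <<'EOF'
alice:*:5001:5000:Alice:/home/alice:/bin/bash
bob:*:5002:5000:Bob:/home/bob:/bin/bash
carol:*:5003:5000:Carol:/home/carol:/bin/bash
EOF
    find_conflicts "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo
```

Any line of output names an account worth checking by hand before looking further at nslcd itself.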

