03-20-2023 06:56 AM
Hi all,
We have an LDAP integration to create/update users with this filter.
We don't have an RDN value specified for this OU definition, and the Query field value is mail.
(&(objectClass=person)(sn=*)(!(objectClass=computer))(mail=*@mycompanyname.com)(manager=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Since this will get only Active records from the source, and we don't want to pull a big mass in the same OU definition, we are not expanding the above filter for inactives and are looking to create a second OU definition for the User table to get only the Inactive users from LDAP, using an Update-only transform and ignoring any Inserts.
Will creating a second OU definition for Inactive users cause any impact on LDAP authentication? We have the "Use LDAP for password authentication" system property set to Yes.
Coincidentally, I was developing another OU definition to get some users from a different branch, Acquisitions, and had an RDN value specified as OU=<<Acquired company name>>,OU=Acquisitions
and it caused some authentication failures due to the new OU definition; when I deactivated that definition everything was fine.
I read the docs below and am trying to make out how they connect to my existing and new inactive user setup and the impact on authentication.
Can an Inactive user OU definition cause auth issues?
Thanks
Lakshmi
LDAP authentication
Use LDAP authentication to access using LDAP credentials.
- The instance passes the credentials to an LDAP server to find the instance.
- With RDNs, it validates the user's DN string. It validates only if at least one of the LDAP OU configurations with table=sys_user has an RDN configured.
- The LDAP server responds with an authorized or unauthorized message that the system uses to determine whether access should be granted
05-23-2023 11:21 PM
After trying this out, the Inactive OU definition didn't affect authentication, provided the new OU definition doesn't have an RDN (same as the Active OU definition). Otherwise it did have an impact.
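The docs rule quoted in the question and the behaviour reported in this thread, as a simplified model. This is an added example, not ServiceNow code and not from the posters: the `OUDefinition` class, the suffix-match meaning of "validates the user's DN string", the treatment of deactivated definitions, and all DNs are assumptions or constructed values.

```python
from dataclasses import dataclass

@dataclass
class OUDefinition:          # hypothetical stand-in for an LDAP OU definition record
    name: str
    rdn: str = ""            # empty string: no RDN configured
    table: str = "sys_user"
    active: bool = True

def _parts(dn):
    # Naive split; escaped commas inside attribute values are not handled.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def dn_under(user_dn, rdn, base_dn):
    """True if user_dn sits below rdn + base_dn (assumed meaning of the DN check)."""
    suffix = _parts(rdn) + _parts(base_dn)
    parts = _parts(user_dn)
    return len(parts) > len(suffix) and parts[-len(suffix):] == suffix

def dn_check_passes(user_dn, ou_defs, base_dn):
    # The check only exists once at least one active sys_user definition has an RDN.
    with_rdn = [d for d in ou_defs if d.active and d.table == "sys_user" and d.rdn]
    if not with_rdn:
        return True          # no RDN anywhere: the DN string is not validated
    return any(dn_under(user_dn, d.rdn, base_dn) for d in with_rdn)

# Constructed sample data
BASE_DN = "DC=example,DC=com"
EMPLOYEE = "CN=Jane Doe,OU=Staff,DC=example,DC=com"
ACQUIRED = "CN=Sam Roe,OU=AcquiredCo,OU=Acquisitions,DC=example,DC=com"
ACTIVE_USERS = OUDefinition("Active users")
INACTIVE_USERS = OUDefinition("Inactive users")
ACQUISITIONS = OUDefinition("Acquisitions", rdn="OU=AcquiredCo,OU=Acquisitions")

def scenarios():
    no_rdn = [ACTIVE_USERS, INACTIVE_USERS]
    with_rdn = no_rdn + [ACQUISITIONS]
    disabled = no_rdn + [OUDefinition("Acquisitions", ACQUISITIONS.rdn, active=False)]
    return {
        "two definitions, no RDN": dn_check_passes(EMPLOYEE, no_rdn, BASE_DN),
        "RDN definition added, employee": dn_check_passes(EMPLOYEE, with_rdn, BASE_DN),
        "RDN definition added, acquired user": dn_check_passes(ACQUIRED, with_rdn, BASE_DN),
        "RDN definition deactivated": dn_check_passes(EMPLOYEE, disabled, BASE_DN),
    }

if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{label}: {'pass' if ok else 'fail'}")
```

Under this model, one RDN on any active sys_user definition turns the DN check on for every login, so either all user definitions carry an RDN that covers their users or none do.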
03-23-2023 11:54 PM
Any thoughts here?