INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Authentication - Log-in has been disabled

Authentication - Log-in has been disabled

(OP)
We are using OpenText Content Server 10. Recently we are having issues with users not able to log-in. We us the Directory Service module and IIS authentication (SSO). The administrator is able to log-in via the admin page and enable log-in. However, we have to enable the accounts daily. Please advise.
Thanks

RE: Authentication - Log-in has been disabled

my guess is that your Directory Synchronization query needs to be checked(or somebody changed the query that as in there,in place editing)
I would cut and paste that query and use a LDAP tool like Softerra and see if the query brings the people you want.
Also you can open a ticket and they will help you with some unsupported ways,if what I suspect is true like inadvertent tampering of the query.

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010
http://www.tek-tips.com/faqs.cfm?fid=2884
http://www.linkedin.com/in/appunair
http://www.livelink.in

RE: Authentication - Log-in has been disabled

(OP)
Thank you. The information provided was very helpful.

RE: Authentication - Log-in has been disabled

It is very easy for posterity I will document here how it works.I will also use sql to show the LDAP query so it is easier to follow.Note you cannot use SQL in
the actual query.Let's say you created a Synchronization source called company_master_sync(12345) assume you did this on 01/01/2016 .The 12345 is the numeric id livelink gives to this sync source.
OK now the query to the source-"select name from Active_LDAP_Directory where name in ("appu","john","hugh","chris") if this was succesful LL will record in KUAF
all details you map to "appu","john","hugh","chris".Additionally in DS_Config tables it will keep a row for each of these for the 4 users. If more users need to cme into that no harm in editing the query so long as it is in excess of the 4 users like ("appu","john","hugh","chris","ysuggs")in this case "ysuggs" will be added.In case "appu" left the org then AD will not have it so depending on your LL setup that user can be dleted or in a login disabled status.Note in all cases the DS_CONFIG will keep the users ->owned by that number.so almost think of that "synchronization_source" owning the people.If you added another source(56789) for like this
"select name from Active_LDAP_Directory where name in ("appu","john","hugh","chris") then even though the result set is retreived you will see in logs skipping "appu" because owned by 12345 lke that.Pretty easy to understand right.

Now lets say a young turk wants to revamp all the things without totally understanding how code works he comes and says H'mmm that doesnt look right so let me efficiently make this better so the 12345 query looks like "select name from Active_LDAP_Directory where name in ("ysuggs","youngturk") etc so his thinking is why bring the existing users again and again? so the query runs and the new users get added and since the rest of the users in the source is not available LL thinks that they have left the org.so it proceeds to delete or disable them.

So the moral of the story is try not to change an existing query if needed just delete the sync source and bite the bullet and recreate a good query :)




Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010
http://www.tek-tips.com/faqs.cfm?fid=2884
http://www.linkedin.com/in/appunair
http://www.livelink.in

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close