Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

LDAP users are able to login until the next LDAP synchronization task is completed, even though the "Filter users by groups" option is enabled and they are not members of any synchronized LDAP group.

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

LDAP users are able to login until the next LDAP synchronization task is completed, even though the "Filter users by groups" option is enabled and they are not members of any synchronized LDAP group.


Solution:

LDAP users are able to temporarily login until the next LDAP synchronization task is completed, even though the "Filter users by groups" option is enabled and they are not members of any synchronized LDAP groups.

From the server log, you will see the following output:

DEBUG 2016-02-02T07:45:40,757-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Authenticating user 'new_spotfire_user' in LDAPLoginModule

...

DEBUG 2016-02-02T07:45:41,180-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Using searchFilter '(&(sAMAccountName=new_spotfire_user)(objectClass=user))'

DEBUG 2016-02-02T07:45:41,255-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Found LDAP user 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com', using DN as principal id

DEBUG 2016-02-02T07:45:41,342-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Could not find any user 'new_spotfire_user' in LDAP context 'OU=Groups,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com'

DEBUG 2016-02-02T07:45:41,342-0500 [unknown, #128] server.ldap.LdapContextFactory: Closing LdapContext for ldaps://company.com:389

DEBUG 2016-02-02T07:45:41,343-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Authenticating user with principal id 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com'

DEBUG 2016-02-02T07:45:41,343-0500 [unknown, #128] server.ldap.LdapContextFactory: Creating an LDAP connection for principal 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' to LDAP server(s) ldaps://company.com:389

DEBUG 2016-02-02T07:45:41,760-0500 [unknown, #128] server.ldap.LdapContextFactory: Successfully created an LDAP connection for principal 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' to LDAP server ldaps://company.com:389

DEBUG 2016-02-02T07:45:41,761-0500 [unknown, #128] server.ldap.LdapContextFactory: Closing LdapContext for ldaps://company.com:389

DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Successfully authenticated user 'new_spotfire_user' with DN 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com'

DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.JaasAuthenticator: Successfully authenticated user 'new_spotfire_user' in domain 'company.com'

DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Post-authentication filtering security context for principal 'new_spotfire_user@company.com'

DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Post-authentication filtering in block mode

DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Looking up the authenticated user principal 'new_spotfire_user@company.com' in the User Directory

DEBUG 2016-02-02T07:45:41,764-0500 [unknown, #128] server.userdir.UserDirectoryImpl: Checking if the user principal new_spotfire_user@company.com has been recently added to the external provider

...

DEBUG 2016-02-02T07:45:42,356-0500 [unknown, #128] server.userdir.UserDirectoryImpl: Importing user principal new_spotfire_user@company.com that was recently added to the external provider

DEBUG 2016-02-02T07:45:42,401-0500 [new_spotfire_user@company.com, #128] server.security.SecurityFilter: The client is successfully authenticated

DEBUG 2016-02-02T07:45:42,402-0500 [new_spotfire_user@company.com, #128] server.security.SecurityFilter: Passing on the request for URL /ws/LoginService to the next item in the filter chain
This is a defect and has been fixed in a hotfix. Apply the latest Spotfire Server hotfix. Fix is in 7.0.1 HF-004 or higher.
Hotfixes are from now on provided from the TIBCO Support site https://support.tibco.com. Once you have logged in there, hotfixes can be found under the Downloads menu > Hotfixes. On the Hotfixes page, Spotfire-hotfixes can be found under "AvailableDownloads" > Spotfire.

Related articles