Date Posted:
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Problem:
LDAP users are able to login until the next LDAP synchronization task is completed, even though the "Filter users by groups" option is enabled and they are not members of any synchronized LDAP group.
Solution:
LDAP users are able to temporarily login until the next LDAP synchronization task is completed, even though the "Filter users by groups" option is enabled and they are not members of any synchronized LDAP groups.
From the server log, you will see the following output:
DEBUG 2016-02-02T07:45:40,757-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Authenticating user 'new_spotfire_user' in LDAPLoginModule ... DEBUG 2016-02-02T07:45:41,180-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Using searchFilter '(&(sAMAccountName=new_spotfire_user)(objectClass=user))' DEBUG 2016-02-02T07:45:41,255-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Found LDAP user 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com', using DN as principal id DEBUG 2016-02-02T07:45:41,342-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Could not find any user 'new_spotfire_user' in LDAP context 'OU=Groups,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' DEBUG 2016-02-02T07:45:41,342-0500 [unknown, #128] server.ldap.LdapContextFactory: Closing LdapContext for ldaps://company.com:389 DEBUG 2016-02-02T07:45:41,343-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Authenticating user with principal id 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' DEBUG 2016-02-02T07:45:41,343-0500 [unknown, #128] server.ldap.LdapContextFactory: Creating an LDAP connection for principal 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' to LDAP server(s) ldaps://company.com:389 DEBUG 2016-02-02T07:45:41,760-0500 [unknown, #128] server.ldap.LdapContextFactory: Successfully created an LDAP connection for principal 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' to LDAP server ldaps://company.com:389 DEBUG 2016-02-02T07:45:41,761-0500 [unknown, #128] server.ldap.LdapContextFactory: Closing LdapContext for ldaps://company.com:389 DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] jaas.ldap.LDAPLoginModule: Successfully authenticated user 'new_spotfire_user' with DN 'CN=new_spotfire_user,OU=Standard,OU=Users,OU=Enterprise,DC=logon,DC=ds,DC=company,DC=com' DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.JaasAuthenticator: Successfully authenticated user 'new_spotfire_user' in domain 'company.com' DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Post-authentication filtering security context for principal 'new_spotfire_user@company.com' DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Post-authentication filtering in block mode DEBUG 2016-02-02T07:45:41,762-0500 [unknown, #128] server.security.PostAuthenticationFilterImpl: Looking up the authenticated user principal 'new_spotfire_user@company.com' in the User Directory DEBUG 2016-02-02T07:45:41,764-0500 [unknown, #128] server.userdir.UserDirectoryImpl: Checking if the user principal new_spotfire_user@company.com has been recently added to the external provider ... DEBUG 2016-02-02T07:45:42,356-0500 [unknown, #128] server.userdir.UserDirectoryImpl: Importing user principal new_spotfire_user@company.com that was recently added to the external provider DEBUG 2016-02-02T07:45:42,401-0500 [new_spotfire_user@company.com, #128] server.security.SecurityFilter: The client is successfully authenticated DEBUG 2016-02-02T07:45:42,402-0500 [new_spotfire_user@company.com, #128] server.security.SecurityFilter: Passing on the request for URL /ws/LoginService to the next item in the filter chain
This is a defect and has been fixed in a hotfix. Apply the latest Spotfire Server hotfix. Fix is in 7.0.1 HF-004 or higher.
Hotfixes are from now on provided from the TIBCO Support site https://support.tibco.com. Once you have logged in there, hotfixes can be found under the Downloads menu > Hotfixes. On the Hotfixes page, Spotfire-hotfixes can be found under "AvailableDownloads" > Spotfire.
Comments
0 comments
Article is closed for comments.