'Combination of LDAP and Spotfire database authentication' feature is disabling the manually created user
Article ID: KB0081578
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.11 and higher |
Description
As of Spotfire 7.11.0 LTS, there is a new feature introduced called "Combination of LDAP and Spotfire database authentication", through which you can configure external user directory like LDAP, etc and also can add users manually to the Spotfire database.
If you have the below 3 configurations on your end:
If you have the below 3 configurations on your end:
- You have LDAP user directory.
- You have also manually created database users.
- You have collapse domains enabled.
INFO 2018-04-10T15:05:57,915-0300 [unknown, #30, #23865] server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'myuser' is currently not enabled
Issue/Introduction
'Combination of LDAP and Spotfire database authentication' feature is disabling the manually created user
Resolution
All the users in the database are assigned to a domain, and if "Collapse Domain" is set to TRUE, that means that all LDAP users are set to the domain "SPOTFIRE". This is the same domain that is used for all users manually created in the database, so that is why when the manually created user is not found via LDAP synchronization (as expected), the user entry will get marked as disabled.
To avoid this scenario, you can use either of the following two options in the TIBCO Spotfire Server configuration:
To avoid this scenario, you can use either of the following two options in the TIBCO Spotfire Server configuration:
- Set "Collapse Domains" to FALSE - Warning: This will create new synchronized LDAP users in your system which how have the domain as reported by the directory server during the the LDAP synchronization. The previous users with the domain "SPOTFIRE" be disabled.
- Set "Safe Synchronization" to TRUE - This will prevent users not found during an LDAP synchronization from being automatically disabled.
Additional Information
Doc: Combination of LDAP and Spotfire database authentication:
Doc: config-userdir:
Feedback
Yes
No
Powered by
