Article ID: KB0091913
Description
Resolution:
The EMS server never adds external users to users.conf automatically, even after an external user's first connection to the EMS server.
Instead, if ldap_cache_enabled is set to TRUE, it keeps that user's information in memory until "ldap_cache_ttl" expires.
While the user is connected to the EMS server, the "show users" command shows that user, with a * in front of the user name to mark it as an external user. That user's entry is never written to users.conf. If you restart the EMS server after the external user's first connection, the EMS server forgets that external user until the user creates a connection to the EMS server again.
You can also verify whether a user is identified in LDAP by enabling LDAP_DEBUG.
For example, if the test user tuser is stored in the LDAP server, then when the application connects to the EMS server with user name tuser and LDAP_DEBUG is enabled,
something like the following is logged:
2008-10-31 16:38:40.242 ldap_simple_bind_s("cn=Directory Manager", *******)
2008-10-31 16:38:40.242 ldap_search_ext_s(14745a8, "ou=people,dc=na,dc=tibco,dc=com", LDAP_SCOPE_SUBTREE, "(&(uid=tuser)(objectClass=person))", [NULL], 0, [NULL], [NULL], 0)
2008-10-31 16:38:40.242 LDAP response resulting from checking existence:
2008-10-31 16:38:40.242 dn: uid=tuser,ou=People,dc=na,dc=tibco,dc=com
2008-10-31 16:38:40.242 objectClass: top
2008-10-31 16:38:40.242 objectClass: person
2008-10-31 16:38:40.242 objectClass: organizationalPerson
2008-10-31 16:38:40.242 objectClass: inetorgperson
2008-10-31 16:38:40.242 userPassword: {SSHA}Kr67cCozPCLyN2QrbZfZaBvRm25MYmY1WSfYLQ==
2008-10-31 16:38:40.242 cn: test user
2008-10-31 16:38:40.242 sn: user
2008-10-31 16:38:40.242 givenName: test
2008-10-31 16:38:40.242 uid: tuser
2008-10-31 16:38:40.242 ldap_simple_bind_s("uid=tuser,ou=People,dc=na,dc=tibco,dc=com", *******)
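The following is an added example, not TIBCO code: it reads LDAP_DEBUG output in the format of the excerpt above, reports which searched users LDAP returned an entry for and whether a bind as that entry's DN followed, and redacts the userPassword value that the debug output includes. The function name, the sample log (constructed, with a placeholder hash and example.com DNs), the uid-based filter, and the reading of "search with no dn line" as "not found" are assumptions.

```python
import re

# Constructed sample in the excerpt's line format; the no-entry case for
# "nobody" (a search followed by no dn line) is an assumption.
SAMPLE_LOG = """\
2008-10-31 16:38:40.242 ldap_simple_bind_s("cn=Directory Manager", *******)
2008-10-31 16:38:40.242 ldap_search_ext_s(14745a8, "ou=people,dc=example,dc=com", LDAP_SCOPE_SUBTREE, "(&(uid=tuser)(objectClass=person))", [NULL], 0, [NULL], [NULL], 0)
2008-10-31 16:38:40.242 LDAP response resulting from checking existence:
2008-10-31 16:38:40.242 dn: uid=tuser,ou=People,dc=example,dc=com
2008-10-31 16:38:40.242 userPassword: {SSHA}CONSTRUCTEDPLACEHOLDER==
2008-10-31 16:38:40.242 uid: tuser
2008-10-31 16:38:40.242 ldap_simple_bind_s("uid=tuser,ou=People,dc=example,dc=com", *******)
2008-10-31 16:38:41.100 ldap_search_ext_s(14745a8, "ou=people,dc=example,dc=com", LDAP_SCOPE_SUBTREE, "(&(uid=nobody)(objectClass=person))", [NULL], 0, [NULL], [NULL], 0)
2008-10-31 16:38:41.100 LDAP response resulting from checking existence:
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ (.*)$")
SEARCH = re.compile(r'ldap_search_ext_s\(.*"\(&\(uid=([^)]+)\)')
DN = re.compile(r"dn: (.+)")
BIND = re.compile(r'ldap_simple_bind_s\("([^"]+)"')
SECRET = re.compile(r"(userPassword: ).*")

def summarize(log):
    """Return ({uid: {"dn", "bind_attempted"}}, log text with hashes redacted)."""
    users, current, redacted = {}, None, []
    for line in log.splitlines():
        m = TS.match(line)
        body = m.group(1) if m else line       # strip the timestamp if present
        if (s := SEARCH.search(body)):         # existence check for a uid
            current = s.group(1)
            users[current] = {"dn": None, "bind_attempted": False}
        elif current and (d := DN.match(body)):  # LDAP returned an entry
            users[current]["dn"] = d.group(1)
        elif (b := BIND.search(body)):         # bind as a DN found earlier
            for u in users.values():
                if u["dn"] and u["dn"].lower() == b.group(1).lower():
                    u["bind_attempted"] = True
        # Never carry the password hash into a report or ticket.
        redacted.append(SECRET.sub(r"\1<redacted>", line))
    return users, "\n".join(redacted)

if __name__ == "__main__":
    found, safe_log = summarize(SAMPLE_LOG)
    for uid, info in found.items():
        print(uid, info)
    print(safe_log)
```

The excerpt shows the bind call but not its result, so the summary records only that a bind was attempted, not that authentication succeeded.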
Issue/Introduction
After the LDAP user's first connection, will the EMS server add the LDAP user to the users.conf file automatically? And if not, how do we know which users are identified in LDAP?