Posted on 09-23-2013 04:49 AM
We're having an issue on our production setup (v 8.62) where Active Directory accounts are being locked on the first failed attempt to log in to the JSS web interface.
We used to add every LDAP user individually and set their permissions individually as well, but this got very tedious, so we recently changed our logins to a group-based authentication whereby there are several AD groups added to the server, and anyone needing access to the JSS would get put into one of the AD groups that sync to our JSS.
If such a user never typos their password, they're fine, but the first time they fail to log in to the JSS, their AD account becomes locked. If I remove that user from the AD group and add them to the JSS as an individually mapped LDAP account, their lockouts occur according to our designated number of failed login attempts, set in our AD (i.e., not 1 failed attempt).
The JSS maps to two individual AD domains. We haven't customized any of the mappings other than the Search Base for User, Group, and Group Membership. I don't think the multiple domains are causing a problem since we've had the second domain added to the JSS for about a year now, and only changed our authentication method in the past month or so.
Posted on 09-23-2013 06:24 AM
Never mind, I need to read release notes better. Apparently this was a confirmed defect in 8.62 and fixed in 8.64.