LDAP authentication script to replace Self Service LDAP?

alexjdale
Valued Contributor III

We're running into the Self Service bug with LDAP-user-scoped groups where policies sometimes return the "item is no longer available" error. This is causing a lot of issues with our technicians, since LDAP-gating is required for device provisioning and other security-sensitive policies.

I am looking into options to bypass LDAP scoping and restricting policies another way. Has anyone come up with a method to authenticate an AD user in a bash script? I just need to validate the user's credentials against AD, and the system is not bound to AD yet.

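One way to do the credential check the question asks about, as an added example and not code from the original post or from Jamf: an LDAP simple bind with the `ldapwhoami` client that macOS ships, which works from a Mac that is not bound to AD. The domain controller name, UPN suffix and function names are assumptions.

```bash
#!/bin/bash
# Added example: validate an AD user's credentials with an LDAP simple bind
# from a Mac that is NOT bound to AD. Uses /usr/bin/ldapwhoami (OpenLDAP
# client tools shipped with macOS). Hostname and domain below are assumptions.

AD_HOST="${AD_HOST:-dc01.corp.example.com}"   # assumed domain controller
AD_DOMAIN="${AD_DOMAIN:-corp.example.com}"    # assumed UPN suffix

# Normalise the typed username into a UPN, which AD accepts as the bind name
# for a simple bind. Accepts "jdoe", "CORP\jdoe" or "jdoe@corp.example.com".
ad_upn() {
  local user="$1"
  user="${user##*\\}"            # strip a "DOMAIN\" prefix
  case "$user" in
    *@*) printf '%s\n' "$user" ;;
    *)   printf '%s@%s\n' "$user" "$AD_DOMAIN" ;;
  esac
}

# Exit status: 0 = AD accepted the credentials, 1 = rejected or unusable
# input, 2 = directory unreachable / TLS failure (never treated as success).
ad_validate() {
  local user="$1" pass="$2" upn pwfile rc
  # An empty password turns an LDAP simple bind into an *anonymous* bind
  # (RFC 4513 5.1.2), which AD typically allows. That would "succeed" for
  # any username, so refuse it before contacting the server.
  if [ -z "$user" ] || [ -z "$pass" ]; then
    return 1
  fi
  upn="$(ad_upn "$user")"
  # Hand the password over in a 0600 temp file (-y) instead of -w, which
  # would expose it to every local user through ps.
  pwfile="$(mktemp "${TMPDIR:-/tmp}/adauth.XXXXXX")" || return 2
  chmod 600 "$pwfile"
  printf '%s' "$pass" > "$pwfile"
  # -x = simple bind; ldaps:// so the password is not sent in cleartext.
  ldapwhoami -x -H "ldaps://${AD_HOST}" -D "$upn" -y "$pwfile" >/dev/null 2>&1
  rc=$?
  rm -f "$pwfile"
  case "$rc" in
    0)  return 0 ;;   # bind succeeded
    49) return 1 ;;   # LDAP_INVALID_CREDENTIALS
    *)  return 2 ;;   # connection refused, TLS error, tool missing, etc.
  esac
}

# Example use: gate the rest of a policy script on the check.
# if ad_validate "$USERNAME" "$PASSWORD"; then echo "ok"; else echo "denied"; fi
```

Two things to check before relying on it: the OpenLDAP client on the Mac must trust the DC's certificate (`TLS_CACERT` in `/etc/openldap/ldap.conf`), or the bind will fail with status 2 rather than fall back to cleartext; and, as the reply below notes, Self Service cannot collect the username and password from a script, so the prompt has to come from somewhere else (for example an `osascript` dialog) before this function is called.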
1 REPLY 1

bradtchapman
Valued Contributor II

It’s not that you can’t validate against AD with a script. It’s that Self Service has no mechanism to receive input from stdout in the Terminal even if you could. You have to rely on the LDAP framework within the app to validate user accounts.

  1. When you get “item is no longer available,” has the Self Service session been idle for some time, or does it happen immediately after the person logs into the app?
  2. Have you found a way to repeat the problem in testing?
  3. Have you audited Active Directory for account login failures?
  4. Have you run Self Service in the debug mode to capture additional data?