Question

LDAP authentication script to replace Self Service LDAP?

  • May 4, 2018
  • 1 reply
  • 0 views


We're running into the Self Service bug with LDAP-user-scoped groups where policies sometimes return the "item is no longer available" error. This is causing a lot of issues with our technicians, since LDAP-gating is required for device provisioning and other security-sensitive policies.

I am looking into options to bypass LDAP scoping and restrict policies another way. Has anyone come up with a method to authenticate an AD user in a bash script? I just need to validate the user's credentials against AD, and the system is not bound to AD yet.

1 reply

bradtchapman
  • Valued Contributor
  • 588 replies
  • May 6, 2018

It’s not that you can’t validate against AD with a script. It’s that Self Service has no mechanism to receive input from stdout in the Terminal even if you could. You have to rely on the LDAP framework within the app to validate user accounts.

  1. When you get “item is no longer available,” has the Self Service session been idle for some time, or does it happen immediately after the person logs into the app?
  2. Have you found a way to repeat the problem in testing?
  3. Have you audited Active Directory for account login failures?
  4. Have you run Self Service in the debug mode to capture additional data?
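
As an added example (not part of either post above), one way to check a credential against AD from a script run in Terminal is an LDAP simple bind with the OpenLDAP `ldapwhoami` client. The `ldaps://dc.example.com` host, the UPN-style user name and the `LDAP_WHOAMI` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate one AD credential with an LDAP simple bind.
# Exit codes: 0 = bind accepted, 1 = invalid credentials (LDAP result 49),
#             2 = input refused before contacting the server,
#             3 = any other failure (server unreachable, TLS error, ...).
# Assumptions: the domain controller accepts a UPN (user@domain) as the bind
# name; LDAP_WHOAMI is a hypothetical override so the client can be stubbed.

validate_ad_credentials() {
    uri=$1 user=$2 password=$3

    # Only LDAPS: a simple bind sends the password as-is inside the connection.
    case $uri in
        ldaps://*) ;;
        *) echo "refusing non-LDAPS URI" >&2; return 2 ;;
    esac

    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513 5.1.2), which a server may accept without checking anything.
    if [ -z "$user" ] || [ -z "$password" ]; then
        echo "refusing empty user or password" >&2
        return 2
    fi

    # Hand the password over in a 0600 temp file (-y) rather than with -w,
    # so it never appears in the process list. No trailing newline: -y uses
    # the complete file contents as the password.
    pwfile=$(mktemp) || return 3
    printf '%s' "$password" > "$pwfile"

    if "${LDAP_WHOAMI:-ldapwhoami}" -x -H "$uri" -D "$user" -y "$pwfile" \
            >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$pwfile"

    # The OpenLDAP tools exit with the LDAP result code.
    case $rc in
        0)  return 0 ;;
        49) return 1 ;;
        *)  return 3 ;;
    esac
}
```

Treat exit code 3 as "could not decide" rather than as a failed login, so an unreachable domain controller is not logged as a bad password.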
