Deleted user account comes again automatically

This topic contains 14 replies, has 5 voices, and was last updated by  Firos 3 years, 4 months ago.

  • #8568
     Firos 
    Participant

    1) I created user “tester” with mailId user1@example.com
    2) I created another user “user1” with mailId user1@example.com (same user Id as of user1)
    3) Deleted both users
    4) Added again “user1” with mailId user1@example.com (same user Id as of user1)

    – I cannot authenticate using “user1” mailId and password
    – But I can authenticate using “tester” mailId and password (the deleted user’s password and mail are working; it does not take the actual user’s password)

    How to solve this?

    Could any kind of cache cause the issue?

    • This topic was modified 3 years, 5 months ago by  Firos.
    #8571
     matthew 
    Participant

    Hi there,

    Which version of OpenDJ are you using?

    Cheers,

    Matt

    #8577
     Firos 
    Participant

    OpenDJ 2.7

    #8578
     Firos 
    Participant

    Can I see the data that DJ keeps?

    #8618
     Firos 
    Participant

    Help me pls…

    #8678
     Ludo 
    Moderator

    OpenDJ 2.7 is not a released version, it represents development builds that happened somewhere between the release of 2.6.x and 3.0.
    It will be hard to provide help without further details but when an entry is deleted in OpenDJ, it is completely removed and no longer accessible. There is no cache by default.
    What is your client application?
    Does it have a cache?

    #8750
     Firos 
    Participant

    Yes, you are right.
    It’s 2.6, not 2.7.
    I have tried to access the user using the OpenAM API.

    #8754
     Ludo 
    Moderator

    OpenAM is not a provisioning/deprovisioning product. While it may have a few APIs to add users, it is preferable to use OpenDJ or LDAP tools to add and delete users. Or use a full Identity Management solution such as OpenIDM.

    #8767
     Firos 
    Participant

    I got it. Thanks for your suggestion, and I will check with it.

    But the issue still exists.

    #8774
     Chris Ridd 
    Participant

    LDAP binds with a DN and not a mail address, so there is at least one more step occurring during your bind procedure; this is likely to be some kind of SEARCH operation for the mail address that returns the DN to bind as.

    Do you have access logs that show the entry being deleted? Can you show that a search for the mail address only returns one entry before the entry is deleted? Maybe you’re getting two returned and your client isn’t detecting this and just choosing to use the first one. Can you see any ADD operations for the user’s DN in the logs?

    Are there any errors being logged in DJ’s error log, like replication conflicts?

    #8778
     Firos 
    Participant

    The issue cleared automatically without any change after some days…

    The only thing I did was replace the mailid (which caused the issue) with another one. Today I replaced the new one with the old one; no issue found now.

    I believe the issue is some kind of caching happening somewhere.

    But I am not sure where the caching occurs or how.

    #9035
     Firos 
    Participant

    Yes, the issue arises when we update the OpenDJ entry directly without using OpenAM.

    No issue exists if we update the OpenDJ entry using OpenAM.

    That means OpenAM is causing the issue through its cache.

    #9162
     Ian Packer 
    Participant

    There is a useful section in the OpenAM docs for this: https://backstage.forgerock.com/#!/docs/openam/13/admin-guide/chap-tuning#caching

    If your configuration is fairly ‘out of the box’, then you should probably check that your DataStore persistent search is configured and working correctly first.

    #9196
     Firos 
    Participant

    Ian, it’s a highly useful link.

    • This reply was modified 3 years, 4 months ago by  Firos.
    #9200
     Firos 
    Participant

    Got the issue: “DN Cache” was in action.

    And the issue was resolved by just disabling the “DN Cache”.

    Thank you all.

    • This reply was modified 3 years, 4 months ago by  Firos.
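
The behaviour discussed in this thread (a search for the mail address that returns the DN to bind as, and a DN cache that is not refreshed when the directory is changed directly), as an added example that is not part of any post and is not OpenAM or OpenDJ code. The classes, DNs and passwords are constructed, and the model assumes the old entry still exists with its mail changed, since a bind to a deleted entry would fail.

```python
# Constructed in-memory model of search-then-bind; not OpenAM or OpenDJ code.
class AmbiguousUser(Exception):
    pass

class Directory:
    def __init__(self):
        self.entries = {}  # DN -> {"mail": ..., "password": ...}

    def search_by_mail(self, mail):
        return sorted(dn for dn, e in self.entries.items() if e["mail"] == mail)

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

class Authenticator:
    def __init__(self, directory, use_dn_cache):
        self.directory = directory
        self.use_dn_cache = use_dn_cache
        self.dn_cache = {}  # mail -> DN; direct directory edits never clear it

    def resolve_dn(self, mail):
        if self.use_dn_cache and mail in self.dn_cache:
            return self.dn_cache[mail]
        matches = self.directory.search_by_mail(mail)
        if len(matches) > 1:  # refuse to guess instead of taking the first hit
            raise AmbiguousUser(f"{len(matches)} entries share mail {mail}")
        dn = matches[0] if matches else None
        if dn and self.use_dn_cache:
            self.dn_cache[mail] = dn
        return dn

    def authenticate(self, mail, password):
        dn = self.resolve_dn(mail)
        return dn is not None and self.directory.bind(dn, password)

TESTER = "uid=tester,ou=people,dc=example,dc=com"  # constructed sample DNs
USER1 = "uid=user1,ou=people,dc=example,dc=com"
MAIL = "user1@example.com"

def scenario(use_dn_cache):
    d = Directory()
    auth = Authenticator(d, use_dn_cache)
    d.entries[TESTER] = {"mail": MAIL, "password": "old-pw"}
    first = auth.authenticate(MAIL, "old-pw")  # fills the cache when enabled
    # Change made directly in the directory, behind the client's back.
    d.entries[TESTER]["mail"] = "other@example.com"
    d.entries[USER1] = {"mail": MAIL, "password": "new-pw"}
    return first, auth.authenticate(MAIL, "old-pw"), auth.authenticate(MAIL, "new-pw")
```

`scenario(True)` returns `(True, True, False)`: with the cache on, the mail address keeps resolving to the old entry, so the old password works and the new one does not. `scenario(False)` returns `(True, False, True)`.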