March 15, 2016 at 1:44 pm #8568
1) I created user “tester” with mailId firstname.lastname@example.org
2) I created another user “user1” with mailId email@example.com (same user Id as of user1)
3) Deleted both users
4) Added again “user1” with mailId firstname.lastname@example.org (same user Id as of user1)
– I cannot authenticate using “user1” mailId and password
– But I can authenticate using “tester” mailId and password (the deleted user’s password and mail are working; it does not take the actual user’s password)
How to solve this?
Is any kind of cache causing the issue?
March 15, 2016 at 3:05 pm #8571 matthew Participant
Which version of OpenDJ are you using?
Matt
March 15, 2016 at 7:20 pm #8577
OpenDJ 2.7
March 15, 2016 at 7:23 pm #8578
Can I see the data that DJ keeps?
March 17, 2016 at 5:38 am #8618
Help me pls…
March 17, 2016 at 10:21 pm #8678 Ludo Moderator
OpenDJ 2.7 is not a released version; it represents development builds that happened somewhere between the release of 2.6.x and 3.0.
It will be hard to provide help without further details, but when an entry is deleted in OpenDJ, it is completely removed and no longer accessible. There is no cache by default.
What is your client application?
Does it have a cache?
March 19, 2016 at 3:11 pm #8750
Yes you are right.
It’s 2.6, not 2.7.
I have tried to access the user using the OpenAM API.
March 20, 2016 at 9:44 am #8754 Ludo Moderator
OpenAM is not a provisioning/deprovisioning product. While it may have a few APIs to add users, it is preferable to use OpenDJ or LDAP tools to add and delete users. Or use a full Identity Management solution such as OpenIDM.
March 21, 2016 at 8:16 am #8767
I got it. Thanks for your suggestion, and I will check with it.
But the issue still exists.
March 21, 2016 at 10:31 am #8774 Chris Ridd Participant
LDAP binds with a DN and not a mail address, so there is at least one more step occurring during your bind procedure; this is likely to be some kind of SEARCH operation for the mail address that returns the DN to bind as.
Do you have access logs that show the entry being deleted? Can you show that a search for the mail address only returns one entry before the entry is deleted? Maybe you’re getting two returned and your client isn’t detecting this and just choosing to use the first one. Can you see any ADD operations for the user’s DN in the logs?
Are there any errors being logged in DJ’s error log, like replication conflicts?
March 21, 2016 at 11:39 am #8778
The issue cleared automatically without any change after some days…
The only thing I did was replace the mailId (which caused the issue) with another one. Today I replaced the new one with the old one; no issue found now.
I believe the issue is with some kind of caching happening somewhere.
But I am not sure and don’t know where the caching occurs and how.
March 29, 2016 at 1:15 pm #9035
Yes, the issue arises when we update the OpenDJ entry directly without using OpenAM.
No issue exists if we update the OpenDJ entry using OpenAM.
That means OpenAM is raising the issue using its cache.
March 31, 2016 at 2:12 pm #9162 Ian Packer Participant
There is a useful section in the OpenAM docs for this: https://backstage.forgerock.com/#!/docs/openam/13/admin-guide/chap-tuning#caching
If your configuration is fairly ‘out of the box’, then you should probably check that your DataStore persistent search is configured and working correctly first.
April 1, 2016 at 7:41 am #9196
Ian, it’s a highly useful link.
April 1, 2016 at 8:23 am #9200
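Chris Ridd's point about the search that precedes the bind, as an added example that is not from the thread or from OpenAM/OpenDJ code: a search-then-bind client that takes the first match, next to one that refuses to bind unless the search returns exactly one DN. The in-memory directory, DNs, mail value and passwords are constructed, and the functions are hypothetical stand-ins for LDAP SEARCH and BIND.

```python
import hmac

class AmbiguousUser(Exception):
    """More than one entry matched the login attribute."""

TESTER_DN = "uid=tester,ou=people,dc=example,dc=com"
USER1_DN = "uid=user1,ou=people,dc=example,dc=com"

# Constructed sample data: two entries share one mail value. Passwords are
# plain text only to keep the sketch short.
DIRECTORY = {
    TESTER_DN: {"mail": ["shared@example.com"], "userPassword": "tester-pw"},
    USER1_DN: {"mail": ["shared@example.com"], "userPassword": "user1-pw"},
}

def search_by_mail(directory, mail):
    """Stand-in for an LDAP SEARCH with filter (mail=<value>); returns DNs.
    Sorting only makes the demo deterministic; LDAP guarantees no order."""
    wanted = mail.strip().lower()  # mail matching is case-insensitive
    return sorted(dn for dn, attrs in directory.items()
                  if any(m.lower() == wanted for m in attrs.get("mail", [])))

def simple_bind(directory, dn, password):
    """Stand-in for an LDAP simple BIND as the given DN."""
    entry = directory.get(dn)
    return entry is not None and hmac.compare_digest(
        entry["userPassword"].encode(), password.encode())

def authenticate_first_match(directory, mail, password):
    """Client that binds as the first search result without counting them."""
    dns = search_by_mail(directory, mail)
    if dns and simple_bind(directory, dns[0], password):
        return dns[0]
    return None

def authenticate_strict(directory, mail, password):
    """Client that refuses to bind unless the search returns exactly one DN."""
    dns = search_by_mail(directory, mail)
    if len(dns) > 1:
        raise AmbiguousUser(f"{mail!r} matches {len(dns)} entries: {dns}")
    if dns and simple_bind(directory, dns[0], password):
        return dns[0]
    return None

if __name__ == "__main__":
    print(authenticate_first_match(DIRECTORY, "shared@example.com", "user1-pw"))
    print(authenticate_first_match(DIRECTORY, "shared@example.com", "tester-pw"))
    try:
        authenticate_strict(DIRECTORY, "shared@example.com", "user1-pw")
    except AmbiguousUser as exc:
        print("refused:", exc)
```

With the duplicate present, the first-match client rejects user1's password and accepts tester's, while the strict client reports the ambiguity instead of binding.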