Questions Tagged With activedirectory

Troubleshoot ActiveDirectory user import to my ivy 3.9 webApp

SupportIvyTeam — Wed, 01 May 2019 03:02:29 -0400

I have to maintain a legacy workflow app still running with XpertIvy 3.9. The users of the application are synchronized from our MS Active Directory.

Recently I got reports that some users are not able to connect to the WebApp. What can I do to verify and trace the ActiveDirectory user synchronization?

Lazy / On-demand Synchronization of LDAP Users

SupportIvyTeam — Mon, 29 Apr 2019 09:53:15 -0400

In our project we are using Microsoft AD as our security system. Our access policy is that anyone working in our company is allowed to access our Ivy application.

Our problem now is that daily user synchronization and user filtering in our code is quite slow as we have over 50'000 possible users to synchronize, even though our application is only used by a couple of thousand users.

Is it possible to 'lazy load' users, only adding users to our Ivy system database on first usage / login? And not on first synchronization with our AD system? But still updating users that have been changed in AD during synchronization?

How can I troubleshoot problems with the user synchronisation from Active Directory or another LDAP server?

Reto Weiss — Tue, 16 Apr 2019 07:53:11 -0400

How can I troubleshoot problems with the user synchronisation from Active Directory or any other LDAP server?

For example if the synchronisation runs successfully but not all my users gets imported.

Migration of Active Directory Server

RMS71 — Mon, 04 Jul 2016 14:05:20 -0400

I am migrating an enviroment onto new Servers. The Active Directory Servers are being migrated too.

When I Switch to the new AD Server, what will happen to the Users which have all been designated one or more Roles?

Will the Users be deleted and reimported, so that one will have to reassign the 200+ Users to their respective roles, or will the Users keep their Roles?

Can not login with synchronized user from active directory

SupportIvyTeam — Fri, 04 Dec 2015 14:57:14 -0500

The user is synchronized with the active directory, but I can not login with it. In the log there is the following message:

Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
    ''NULL]; remaining name '/'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
    at ch.ivyteam.ivy.security.internal.jndi.dircontext.LazyBindingDirContextAccess.search(LazyBindingDirContextAccess.java:47)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1063)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.execute(JndiSecuritySystem.java:613)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1058)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.executeWithCachedContext(JndiSecuritySystem.java:637)

Failed to deserialize ch.ivyteam.ivy.security.internal.jndi.JndiUser

matej_smetana — Tue, 08 Sep 2015 10:09:05 -0400

Hi everyone, We have an application which uses LDAP users. I have a question regarding to the message in log:

Failed to de-serialize java object of class ch.ivyteam.ivy.security.internal.jndi.JndiUser. Object will be null.

What does it mean and how can we prevent this issue?

Thanks

Matej

How to map AD group to Ivy role?

Adrian Imfeld — Thu, 23 Jul 2015 12:24:42 -0400

We like to manage the rights for our ivy applications over the Microsoft Active Directory. According the AD groups, ivy roles should automatically added to the ivy user. We have in mind to build some technical processes to do that. But we have some questions...

Is it possible to read (lower) OU's of a user?
If we have the OU "ivy" to import all users and there is a OU "admin" under the OU "ivy", can we find out which users are in the OU "admin"? How can we get this information. Maybe some how like reading AD attributes?

Is it possible to listen to the LDAP synchronisation of the ivy server?
Every times when the user synchronisation is finished, our code should be executed to add specified ivy roles to the user based on the AD OU's.

Thank you for your support

How to ensure that the LDAP connection pool is used

SupportIvyTeam — Thu, 05 Mar 2015 12:55:35 -0500

In the Admin UI we can enable connection pooling for ActiveDirectory. We enabled this pool as the connection setup to our AD is very slow and ivy Public API seems to call AD frequently. But it seems like the enabling of the pool doesn't speed up anything.

How can we track and trace if the pool is working?

Where can I inspect and change the current 3.9 Active Directory settings

SupportIvyTeam — Mon, 16 Feb 2015 14:17:21 -0500

Some users of my customer can't connect with the ivy 3.9 server. Where can I inspect the actual Active Directory (AD) settings of the ivy Application?

LDAP API call cache

tauser — Fri, 30 Jan 2015 15:26:48 -0500

Hi, we have some performance problems by communication with LDAP after switching from 4.3 to 5.0. I have two questions

were there any changes intern by calling API (see bellow)
are there any API methods which doesn't communicate with LDAP (using direct only ivy system database) ?

Especially we use the following method

ISecurityContext.findRole(...)
IWorkflowSession.hasRole(IRole, Boolean)

How can I specify additional properties/attributes for an External Security System?

SupportIvyTeam — Tue, 05 Aug 2014 11:43:02 -0400

If I use Microsoft Active Directory or Novel eDirectory as External Security System is there any possibility to specify an additional environment property / attribute? Examples are java.naming.referral (which is on Ivy set to follow per default) or java.naming.ldap.derefAliases etc.

How to read and synchronize users from multiple Active directory domains?

Alex Zeiter — Mon, 17 Mar 2014 17:09:23 -0400

We have 3 different AD domains and should have the users of all of them in our ivy5 application

How to read LDAP/Active Directory/Novell Directory-attributes of a user?

Urs Buri — Mon, 13 Jan 2014 11:48:49 -0500

I'm using Active Directory/Novell Directory as security-system for Xpert.ivy. How to read LDAP/Active Directory/Novell Directory attributes of a user?

How can I prevent to import deactived users from Microsoft Active Directory ?

Reto Weiss — Tue, 07 Jan 2014 15:13:56 -0500

If I use active directory to synchronize AD users with Xpert.ivy Server also deactivated users are imported. How can I prevent that?

Changed passwords from Active Directory still work in Ivy

Martin Steiger — Fri, 16 Sep 2011 11:28:18 -0400

I just changed my password in the Active Directory. I can no more use the old password for a windows login but I can still use to login to Ivy!! What is wrong?

Change password of an AD user in Ivy

Steffen Janthor — Thu, 28 Jan 2010 01:32:04 -0500

Can I use the method ivy.session.getSessionUser().setPassword(String) to set/change the password of a user in the AD?