Print

Print


Is there a unique ID delivered by your LDAP that is different from the 
username, and could the apps be using that unique ID to match to 
accounts instead of username?  Some weird alphanumeric string that is 
only used internally, but when they recreated her account she got a 
different one?

That is just a brainstorming guess; I am not familiar with LDAP, but 
have written non-LDAP SSO solutions that sometimes run into this issue.

Jonathan

Yitzchak Schaffer wrote:
> On 10/6/2010 10:44, Amy wrote:
>   
>> We are having a problem with a single student whose account was deleted from
>> LDAP by Technology, and then had her account re-established.   She has the
>> same username and status as she used to have.
>>
>> She is now unable to login to any of the library resources that use LDAP to
>> authenticate patrons.  This includes our catalog&  e-resources (through III)
>> and a Ruby on Rails group study room web application that uses LDAP
>> authentication.
>>
>>     
>
> In situations like these, I find you just have to keep digging at it 
> until you figure out what the problem is. If you have access to the LDAP 
> queries in III and the RoR app, check them to make sure there isn't 
> anything the systems are expecting to find that wasn't regenerated. Like 
> when the record was created, or some default settings or something. 
> Also, check whatever mechanism is used for batch-creation (assuming 
> there is one) to see if it sets anything differently than whoever did 
> the re-creation.
>
>