LDAP USER able to login Agile but can’t approve changes

Hi,

We recently had domain update in our company, like user1@company.com to user1@companymedical.com

After domain change few users are able to login to Agile, but not able to approve any change orders.

They are facing invalid approval/rejection username or password error in Web client.

In the logs it says, ldap username or password is wrong, job cancelled by this error.

All the users are synced with LDAP, their updated emails are coming in Agile.

Please help how to solve this.

Thanks,
Surya

Agile Talent Asked on April 16, 2019 in Agile PLM (v9),   Product Collaboration.
Add Comment
4 Answer(s)

Hello Surya

  Few questions

  1. Do you have a SSO solution implemented to login to Web client?
  2. Can they login to Java client?
  3. in agileuser table, can you check if the login_pwd and approver_pwd is null for those users?
  4. Can you check if the auth_src and guid is not null?

– Raj

Agile Professional Answered on April 16, 2019.
Add Comment

Hi Raj,

Please see below answers.

1.Yes, we have SSO Implemented and they are able to login to webclient.
2.they don’t have access to java client.
3.yes it is null for one user and not null for other user, both are facing same issue.
4.auth_src is not null.

Thanks,
Surya

Agile Talent Answered on April 16, 2019.
Add Comment

Ah ok. So, if you have a SSO, then the user doesn’t have to get authenticated against the LDAP that Agile is on. That’s probably why they can login since the asserter passes on the userid to Agile. If they try logging to the individual node, they will run into the same issue

I should have asked earlier. I assume that their setting “Use Login Password for Approval” is set to Yes. Correct?

Assuming that is the case,

– Can you please check if the guid column is NULL for these users? If null, you might have to do migrateUsersToDB
–  If not null, you need to make sure if it matches the id in LDAP. for example, if you use AD, it would be the objectguid

Finally, i noticed that there is Doc id 1483625.1 that provides additional pointers regd this issue

Hope this helps

Agile Professional Answered on April 16, 2019.
Add Comment

Hi Raj,

The issue happened because new domain which I entered in LDAP in java client was. Still. Not up, but the integration user’s mail id updated to new domain.

I retained the old domain in LDAP, so it solved the issue.

Thanks,
Surya

Agile Talent Answered on April 16, 2019.

Oh ok. That explains

Interesting that the integration still updated the emailid. i would expect that also to not work

on April 16, 2019.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.