LDAP USER able to login Agile but can’t approve changes
We recently had domain update in our company, like email@example.com to firstname.lastname@example.org
After domain change few users are able to login to Agile, but not able to approve any change orders.
They are facing invalid approval/rejection username or password error in Web client.
In the logs it says, ldap username or password is wrong, job cancelled by this error.
All the users are synced with LDAP, their updated emails are coming in Agile.
Please help how to solve this.
1. Do you have a SSO solution implemented to login to Web client?
2. Can they login to Java client?
3. in agileuser table, can you check if the login_pwd and approver_pwd is null for those users?
4. Can you check if the auth_src and guid is not null?
Please see below answers.
1.Yes, we have SSO Implemented and they are able to login to webclient.
2.they don’t have access to java client.
3.yes it is null for one user and not null for other user, both are facing same issue.
4.auth_src is not null.
Ah ok. So, if you have a SSO, then the user doesn’t have to get authenticated against the LDAP that Agile is on. That’s probably why they can login since the asserter passes on the userid to Agile. If they try logging to the individual node, they will run into the same issue
I should have asked earlier. I assume that their setting “Use Login Password for Approval” is set to Yes. Correct?
Assuming that is the case,
– Can you please check if the guid column is NULL for these users? If null, you might have to do migrateUsersToDB
– If not null, you need to make sure if it matches the id in LDAP. for example, if you use AD, it would be the objectguid
Finally, i noticed that there is Doc id 1483625.1 that provides additional pointers regd this issue
Hope this helps