LDAP authentication ordering
Resolved
We have configured Yellowfin to connect to LDAP for authentication. In the configuration we have set the Ordering to "Internal Authentication First". However, we have the feeling that this is not working properly, as LDAP users get an error message after logging in the 2nd time (invalid username or password).
- A new user logs in with active directory credentials --> works fine, a new LDAP user is created in YellowFin
- The LDAP user logs out
- The LDAP user logs in again and gets the error: "Incorrect username or password. Please try again. "
When we change the ordering to "LDAP Authentication First" it all works fine for the LDAP user (but we do not want to use this for other reasons).
It seems to me that we get this error as result of the internal authentication, but that the LDAP authentication is somehow not used?
Please let me know if we do something wrong or if you need further information.
Kind regards,
Jarno
The same problem 
Hi Jarno,
I think you must be on a different version/build than me because when I tried to replicate this in 7.2 20161024 I couldn't, so please let me know which version and build you are on.
I have attached a video ("LDAP_Internal_Auth_First.mp4") of my efforts to replicate the issue, in the video you can see that I created a new user called Jarno.Pons, made sure authentication order was set to "Internal Authentication First", then the new user was able to log in more than once without getting the "invalid username or password" error. Please have a look at the video and let me know if I was doing any wrong steps.
Also, if the issue turns out not to be build-specific then to preempt further investigations it would be great if you could turn DEBUG logging on and generate that error message again and then send us the logs, and also tell us what your LDAP server is, and if you are using group classes (Posixgroup etc.) and whether you are using nested groups.
regards,
David
Hi Jarno,
I think you must be on a different version/build than me because when I tried to replicate this in 7.2 20161024 I couldn't, so please let me know which version and build you are on.
I have attached a video ("LDAP_Internal_Auth_First.mp4") of my efforts to replicate the issue, in the video you can see that I created a new user called Jarno.Pons, made sure authentication order was set to "Internal Authentication First", then the new user was able to log in more than once without getting the "invalid username or password" error. Please have a look at the video and let me know if I was doing any wrong steps.
Also, if the issue turns out not to be build-specific then to preempt further investigations it would be great if you could turn DEBUG logging on and generate that error message again and then send us the logs, and also tell us what your LDAP server is, and if you are using group classes (Posixgroup etc.) and whether you are using nested groups.
regards,
David
Replies have been locked on this page!