Question

Forms 9.2.1 AD login not working for all accounts

asked on May 4, 2017

Our AD includes both internal and external users. We are not forested or federated for external users; we've simply created external users in our AD for authentication purposes. To illustrate this, if our domain is 1LOCAL, an internal user account is 1LOCAL\janedoe, while an external user account is 1LOCAL\johndoe@email.com.

We've assigned named user licenses to both internal and external users in our Laserfiche Directory Server. Trust is established for each user type in the Windows Account section of our Production repository. Named users are synchronized to Forms, and I can see both internal and external user accounts. Using the previous example, I can see both 1LOCAL\janedoe and 1LOCAL\johndoe in the "Named Users" section of Forms.

Here is the rub: internal users can successfully authenticate into Forms, but external users cannot. Using our example, we've tried logging in as:

  • johndoe
  • johndoe@email.com
  • 1LOCAL\johndoe
  • 1LOCAL\johndoe@email.com

None of these work. The odd part is, johndoe can log in to WebLink using 1LOCAL\johndoe. This issue appears to be isolated to Forms (we are using Forms 9.2.1 in production). Additionally, we installed Forms 10.2 on a different server, configured and sync'd, and johndoe was able to log in as johndoe@email.com. So maybe this issue is isolated to Forms < 10?

Any ideas on what is causing this? Anybody run into similar issues? Is there a way we can program a custom login module for Forms to get around this behavior?

We are using Directory Server 10.0.0.270, Forms 9.2.1.1088, and Server 9.2.0 build 343 in Production.

0 0

Replies

replied on May 5, 2017

What error did you get when the external users log in? Please check the event log on the Forms server to get the detailed error. The username you use to log in should be the same as the username you see on the system security page. For Forms 10.2, can you log in with 1LOCAL\johndoe?

0 0
replied on May 15, 2017

We get two errors depending on the login name used. We've ensured the password is correct.

Using 1LOCAL\johndoe =>

5/15/2017 11:03:22 AM | Session: fkgxin5dwm2djznxmnqkuu5s
URL: /Forms/Account/Login
User name: 1UOFDN\johndoe
Message: The user name or password is incorrect.
Stack trace:    at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LfLogIn(String userName, String password, String tenantName, Boolean tryDomainAccount)
   at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LogIn(String userName, String password, String tenantName)
   at E_Forms.Infrastructure.Security.FormsSessionManager.CreateConnection(String userName, String password, String tenantName, String sessionToKill, Int32 oauth_id)
   at E_Forms.Infrastructure.Security.LaserficheMembership.ValidateUser(LogOnModel account, String& authenticationCode)
   at E_Forms.Controllers.AccountController.LogIn(LogOnModel model, String returnUrl)

5/15/2017 11:03:22 AM | Session: fkgxin5dwm2djznxmnqkuu5s
URL: /Forms/Account/Login
Message: Incorrect password
Stack trace:    at Laserfiche.Forms.CommonUtils.LFHelper.CreateSession(String repoUserName, String repoUserPwd, RepositoryRegistration repoReg)
   at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LfLogIn(String userName, String password, String tenantName, Boolean tryDomainAccount)

--------------------------------------------------

Using johndoe@email.com =>

5/15/2017 11:01:00 AM | Session: fkgxin5dwm2djznxmnqkuu5s
URL: /Forms/Account/Login?returnUrl=%2FForms%2FHome%2FInbox
User name: johndoe@email.com
Message: The user name or password is incorrect.
Stack trace:    at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LfLogIn(String userName, String password, String tenantName, Boolean tryDomainAccount)
   at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LogIn(String userName, String password, String tenantName)
   at E_Forms.Infrastructure.Security.FormsSessionManager.CreateConnection(String userName, String password, String tenantName, String sessionToKill, Int32 oauth_id)
   at E_Forms.Infrastructure.Security.LaserficheMembership.ValidateUser(LogOnModel account, String& authenticationCode)
   at E_Forms.Controllers.AccountController.LogIn(LogOnModel model, String returnUrl)

5/15/2017 11:01:00 AM | Session: fkgxin5dwm2djznxmnqkuu5s
URL: /Forms/Account/Login?returnUrl=%2FForms%2FHome%2FInbox
Message: LDAP server profile not found. [9356]
Stack trace:    at Laserfiche.RepositoryAccess.Session.SendLogInRequest(String idnRepName, HttpCredential credentials)
   at Laserfiche.RepositoryAccess.Session.LoginToServer(RepositoryRegistration repository, HttpCredential credentials)
   at Laserfiche.RepositoryAccess.Session.LogIn(String userName, String password, RepositoryRegistration repository)
   at Laserfiche.Forms.CommonUtils.LFHelper.CreateSession(String repoUserName, String repoUserPwd, RepositoryRegistration repoReg)
   at E_Forms.Infrastructure.Security.LfFormsNamedUserSession.LfLogIn(String userName, String password, String tenantName, Boolean tryDomainAccount)

0 0
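Added example, not part of the original thread and not Laserfiche tooling: each failed login in the log above produces a generic "user name or password is incorrect" entry plus a second entry, with the same timestamp and session, that carries the underlying cause. This Python sketch pairs the two so the real reason shows up per attempted user name. The sample log is constructed in the same layout, and pairing on timestamp plus session is an assumption drawn from the entries quoted in the post.

```python
import re

# Constructed sample in the layout of the entries quoted above (user names, session id made up).
SAMPLE = r"""
5/15/2017 11:03:22 AM | Session: aaaa1111
URL: /Forms/Account/Login
User name: EXAMPLE\jdoe
Message: The user name or password is incorrect.

5/15/2017 11:03:22 AM | Session: aaaa1111
URL: /Forms/Account/Login
Message: Incorrect password

5/15/2017 11:01:00 AM | Session: aaaa1111
URL: /Forms/Account/Login
User name: jdoe@example.com
Message: The user name or password is incorrect.

5/15/2017 11:01:00 AM | Session: aaaa1111
URL: /Forms/Account/Login
Message: LDAP server profile not found. [9356]
Stack trace:    at Laserfiche.RepositoryAccess.Session.SendLogInRequest(...)
"""

HEADER = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Session: (\S+)\s*$")
FIELD = re.compile(r"^(URL|User name|Message): (.*)$")

def parse_entries(text):
    """Split the log into one dict per entry; stack-trace lines are skipped."""
    entries = []
    for line in text.splitlines():
        if (h := HEADER.match(line)):
            entries.append({"key": (h[1], h[2])})  # (timestamp, session)
        elif entries and (f := FIELD.match(line)):
            entries[-1][f[1]] = f[2].strip()
    return entries

def underlying_causes(entries):
    """Pair each login failure with detail entries sharing its timestamp and session."""
    details = {}
    for e in entries:
        if "User name" not in e:  # detail entries carry no user name
            details.setdefault(e["key"], []).append(e.get("Message", ""))
    return [(e["key"][0], e["User name"], details.get(e["key"], []))
            for e in entries if "User name" in e]

if __name__ == "__main__":
    for ts, user, causes in underlying_causes(parse_entries(SAMPLE)):
        print(f"{ts}  {user}: {'; '.join(causes) or 'no detail entry'}")
```

If two different users fail within the same second on the same session, they will share detail entries, so treat the pairing as a triage aid rather than an exact join.
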
replied on May 15, 2017

For Forms 10.2, we cannot log in as 1LOCAL\johndoe, 1LOCAL\johndoe@email.com, johndoe@email.com or johndoe. I was mistaken with what was said above. We can, however, log in as johndoe@1local.com, with 1local.com being our email / domain extension. This is very odd. 1LOCAL\johndoe is what is listed in the admin console and on the security page of Forms 10.2.

The same login behavior holds true for Web Client 10.2 and the thick Client 10.2.

0 0
replied on May 18, 2017

For the site with Forms 10.2, did you have an LDAP Server Profile configured (check from Administration -> System Security -> Participants), or do you have an LDAP server profile with 1local.com configured in the repository? If you can log in as johndoe@1local.com, then you are logging in with an LDAP user.

Can you please open a support case with your VAR? We need more information about your environment and the settings.

0 0
replied on May 19, 2017

Thank you! We'll open a support case with our VAR.

0 0