You are viewing limited content. For full access, please sign in.

Question

Question

LFDS users name changed from domain\username format to windows SID with S-1-5 - xxx strings

Directory Server
Updated August 15, 2017
asked on July 10, 2017

Hi,

Updated LM 8.3 to LFDS 10, but some users which were not set for "Exempt from synchronization rules" , had their usernames changed to random strings (SID's basically in AD). With format like 'S-1-5-21-xxxxxxx' and so on.

 

One fix i found was to update the table directory_objects with this query, but there are few dozen users and would like to know why this happened and if there is an easier way to fix it without having to update each individual users manually.

 

update [Licensing].[dbo].[directory_objects] set name='Domain\Sumeet' where id='120'

 

Thanks

0 0

Replies

replied on July 10, 2017

It sounds like LFDS had issues retrieving information on those users when it tried to perform an AD sync.

  1. Are these users still 'active' in AD?
  2. Have you checked the credentials used for the Identity Provider?
  3. Did they retain any licenses they had assigned?
  4. Did you try running AD sync? What happened?
0 0
replied on July 10, 2017

1. yup they are active

2. yup and to be sure reentered the account used to access ad

3. yup all did retain full license

4. yup tried sync does not change anything.

 

Support folks mentioned about account_cache table and waiting on a fix, let's see if there is one or could be a bug i do not know.

 

 

0 0
View 2 previous replies
replied on July 10, 2017 Show version history

I was going to recommend a support case next; sounds like you've already opened one. That is a better avenue for specific troubleshooting like this.

Edit: a few more diagnostic checks

  1. Have one of these users attempt to log in
    1. Can they log in?
    2. If yes, does their information update after login?
    3. If no, can other users from the same domain login
  2. If possible, remove a problematic user and try sync. Are they re-added? When they are, is their information present?
    1. If not, try just removing the license. Is it re-assigned?

 

0 0
replied on July 12, 2017

Removing user will probably wipe their access to the the folders they should have had as well correct ? So just updating the SQL table as mentioned is not really a fix i am guessing.

I did open support but they are asking me to check the responses here. Kind of lost to be frank with respect to how can someone on LSAP really get support when needed.

 

0 0
replied on July 12, 2017 Show version history

These are Windows users, yes? Removing the user from LFDS (Laserfiche Directory Server) does not affect their security settings in LFS (Laserfiche Server). Registering the user in LFDS gives them a license. Setting folder security is completely separate.

Regarding your support case: I've reached out to someone on our support team to help clear up communication issues.

0 0
replied on July 12, 2017

That trick will work, tried with one user but I am hoping they do not complain a week from now with no permission to certain folders. Though they are not LF users - they all are windows AD users.

0 0
replied on July 12, 2017 Show version history

If removing them and adding them back from LFDS works, ideally removing them and running AD sync again would also work. That should allow you to to this in bulk: select the problem users, delete them, and run AD sync.

I'd experiment with small numbers first, because I don't have enough information to tell you why this happened in the first place.

As long as you are only removing and re-adding these Windows users in LFDS, they will not lose repository settings, since those settings are referenced by the Windows SID, which is unaffected by what you do in LFDS. 

0 0
replied on July 26, 2017

I had to delete the users and add them again in the directory server, seems to be working so far, but why it happened not sure to begin with.

0 0
replied on August 14, 2017 Show version history

I'm having what sounds to be like a similar issue, except in Laserfiche Forms. Users are unable to log in unless they include the domain. When they do, their SID shows in the top right corner rather than their display name. On top of that, internal applications fail when this happens because LF Forms cannot find any users. A temporary solution is to go to Forms Config > User Authentication and re-enter and saving the config, but that isn't a sure-fire solution most times. This is happening on an irregular basis every 1-4 weeks since I installed version 10. I am currently on version 10.2.

Hopefully this issue will be resolved!

LFSID.PNG
LFSID.PNG (15.5 KB)
Download
0 0
replied on August 15, 2017

Are you using Single Sign On for Forms? If not, this is not coming from Directory Server and you should probably either start a new thread or open a support case.

If you are using Directory Server for managing your Forms users, are the users displayed correctly there?

1 0
replied on August 15, 2017

No, I'm not using single-sign on as it wasn't accepting the "license site display name" when I initially tried to configure it. That's a separate issue as well.

Yes, Directory Server does show the correct display name rather than the SID. 

Thank you for the reply.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...