Question

SAML User can't be searched in Web Client, but found in Desktop application (Possible Bug?)

asked on January 17, 2024

I have a couple of users that are set up in LFDS (Laserfiche Directory Server 11 (Build 11.0.2303.2108)) as SAML Users.

Each user is in a group; security and authentication are based on the group they are part of. When a user logs into the web client (Laserfiche Web Client 11 (11.0.2308.28) - Laserfiche Repository Access 11.1.2212.409) and searches for a user, once the Laserfiche user is selected, it always comes up with no results. If I do not select the user and just type in the username, then it comes up with ALL results for all users. (Attached: WebClient).

When I do the exact same search on the desktop application and just type in the username instead of using the ellipses to select the Laserfiche user, I am able to see the correct user's search results. Once I select the LF user from the dropdown, it once again yields no results.

I am at a loss and wondering if anyone else has experienced this issue? After our LF11 upgrade and some cleanup in LFDS, we now have a couple more users that are experiencing the exact same issue. 

Lastly, when I select the ellipses and then select the LF user, the field populates the username@LFDS. This doesn't seem right, but I am not sure what I am missing. It is also worth noting that we experienced the same behavior with 10.

Any help is appreciated! 

WebClientUserSearch.jpg
ThickClientUserSearchManual.jpg
ThickClientUserSearchLFDS.jpg

Replies

replied on January 18, 2024

Hi Veronica,

While I'm not sure about the user search parts, I can comment on this:

Lastly, when I select the ellipses and then select the LF user, the field populates the username@LFDS. This doesn't seem right, but I am not sure what I am missing. It is also worth noting that we experienced the same behavior with 10.

The "@LFDS" indicates that the source of a non-AD/LDAP user is LFDS. It's part of the "fully qualified" User Principal Name of a LFDS Laserfiche trustee. More precisely, it indicates LFDS as an LDAP directory storing that user.

Consider the following case where you have an AD account (domain = example.com), a LFDS Laserfiche user, and a repository user all named "TestAccount". The underlying UPNs of these are:

  • AD: TestAccount@example.com
  • LFDS: TestAccount@LFDS
  • Repository: TestAccount

This is part of how Laserfiche tells them apart despite all having the same "account name".

replied on January 19, 2024

This is helpful, thank you! I was hoping that someone else had experienced the same problems and knew exactly how to fix it.
