[Cubicweb] CubicWeb / Apache / LDAP: how to recover blacklisted accounts?

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Mon May 9 15:44:40 CEST 2016


Dear all,

We use LDAP accounts for our CubicWeb instances.

New LDAP accounts need quite some time to be propagated, not only to
CubicWeb (delay depends on the LDAPfeed source
'synchronization-interval'), but also to Apache which acts as a trusted
front-end (perhaps delay depends on the Apache "LDAPOpCacheTTL" directive?).

Our experience is that accounts are blacklisted whenever a login is
attempted:
* after the LDAP account has been propagated to Apache,
* before the LDAP account has been propagated to CubicWeb.

When this happens CubicWeb blacklists the account and we are unable to
recover the account even after CubicWeb has been synchronized with LDAP.
We have to delete and re-create the LDAP account from scratch.

Could you help use here? How are accounts black-listed? How to avoid
that, or at least recover as soon as CubicWeb is synchronized with LDAP?

Best wishes,
-- 
Dimitri Papadopoulos
CEA/Saclay
DRF, I2BM, NeuroSpin
F-91191 Gif-sur-Yvette cedex, France



More information about the Cubicweb mailing list