Problem:
Recently we came across a customer situation where none of their LDAP users were able to log in to the LiveCycle RM console (http:///edc).
Local users were able to log in to LiveCycle.
Analysis and Background:
The customer had multiple enterprise domains configured, and LDAP synchronization was working fine.
Local Administrator login worked fine, and all LDAP users were searchable through the UI.
The users had the necessary roles assigned as well.
These tests showed that the LDAP synchronization part of LiveCycle UserManager was working fine.
On closely inspecting their enterprise domain definitions, we noticed that they had a custom authentication provider. (Registering a custom auth provider is an extension mechanism LiveCycle offers for customers who want to plug their own user authentication mechanism into LiveCycle.)
At runtime, when a user tries to log in, LiveCycle UserManager tries to authenticate the user against each of the auth providers, one by one. As soon as authentication succeeds with any one of the auth providers, the user session is established. If none of the auth providers can authenticate the user, a failure message is shown to the user.
The auth provider order is defined in a configuration file (config.xml).
The configuration file can be exported using the following navigation path:
Home > Settings > User Management > Configuration > Import and export configuration files > Export button
Solution:
The export of config.xml showed that there was no order element (sequence) defined for the custom auth provider.
The order for the LDAP auth provider was 3.
We added the following new element to the custom auth provider section to move its order below LDAP.
(Number 7 was the next available number; the entire section is not pasted here for brevity.)
—
<entry key="order" value="7" />
—
The modified node looked like this:
——
<node name="CUSTOMSPI">
  <map>
    <entry key="isSPI" value="true" />
    <entry key="configured" value="true" />
    <entry key="enabled" value="true" />
    <entry key="visibleInUI" value="true" />
    <entry key="order" value="7" />
    <entry key="serviceName" value="ExternalAuthService" />
    <entry key="allowMultipleConfigs" value="true" />
    <entry key="configInstance" value="/Adobe/LiveCycle/Config/UM/Domains/EDC_EXTERNAL_REGISTERED/AuthConfigs/EDC_EXTERNAL_REGISTERED_SPIJDBC" />
  </map>
</node>
——
After saving these changes to the locally exported config.xml, we imported the file using:
Home > Settings > User Management > Configuration > Import and export configuration files > Import button
You do not need to restart the LiveCycle server. The changes take effect on the fly.
As soon as this was done, LDAP users were able to log in to LiveCycle.
Note: Typically you do not need to modify config.xml manually. If it does need to be done, as in the scenario described above, do it with extra care.
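One way to check an exported config.xml for this condition before and after a manual edit, as an added example that is not part of the original post or Adobe's tooling. It assumes the node/map/entry layout shown above; the enclosing `AuthProviders` node, the `LDAP` node name and the function name are hypothetical, and the duplicate-order check is inferred from the "next available number" remark.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the CUSTOMSPI entries are taken from the page; the
# enclosing "AuthProviders" node and the "LDAP" node name are assumptions.
SAMPLE = """\
<node name="AuthProviders">
  <node name="LDAP">
    <map>
      <entry key="enabled" value="true" />
      <entry key="order" value="3" />
    </map>
  </node>
  <node name="CUSTOMSPI">
    <map>
      <entry key="isSPI" value="true" />
      <entry key="enabled" value="true" />
      <entry key="serviceName" value="ExternalAuthService" />
    </map>
  </node>
</node>
"""

def audit_provider_order(xml_text, provider_names):
    """Return ({name: order}, [findings]) for the named provider nodes."""
    root = ET.fromstring(xml_text)
    nodes = {n.get("name"): n for n in root.iter("node")}
    orders, findings, used = {}, [], {}
    for name in provider_names:
        node = nodes.get(name)
        if node is None:
            findings.append(f"{name}: node not found")
            continue
        entries = {e.get("key"): e.get("value") for e in node.findall("./map/entry")}
        raw = entries.get("order")
        if raw is None or not raw.isdigit():
            findings.append(f"{name}: missing or non-numeric order ({raw!r})")
            continue
        order = int(raw)
        if order in used:  # uniqueness is inferred from "next available number"
            findings.append(f"{name}: order {order} already used by {used[order]}")
        used.setdefault(order, name)
        orders[name] = order
    return orders, findings

if __name__ == "__main__":
    orders, findings = audit_provider_order(SAMPLE, ["LDAP", "CUSTOMSPI"])
    print("orders:", orders)
    for f in findings:
        print("FINDING:", f)
```

Run it against the exported file's contents with the provider node names from your own configuration; an empty findings list means every named provider has a distinct numeric order.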