Active Directory wasn’t working if I changed the user from OU (Organizational Unit)

Hi folks…I’m back with a quick tip.

There was a trouble with a customers UCM 10g environment.
The UCM 10g is integrated with Microsoft’s Active Directory but one little problem occurs if I change on euser from his OU (Organizational Unit) to another OU (Organizational Unit).
The UCM losses the reference from AD and the user loses access to UCM. The workaround was to delete the user from UCM everytime I changed them from OU.
This is exactly what UCM does: It caches that information internally. Store the users DN in the database so that UCM don’t have to look it up everytime. Going into the User Admin Applet and physically deleting the user, removes him from the Users table in the database and forces a dump of the cache.

If you are using an LDAP provider, there is a solution to change this behavior:

Just add to config.cfg the following line:

RetryDefaultUserProvider=true

This variable will force a new check of the user in every login.

Props to Ken from My Oracle Support for this tip.

See ya…!

About these ads

2 thoughts on “Active Directory wasn’t working if I changed the user from OU (Organizational Unit)”

  1. ..By default when Plone fetches user or group objects from Active Directory or LDAP the query will return extra groups and users. One best practice involves creating an Organizational Unit OU called Plone and using this Organizational Unit as a filter for all your Active Directory queries…If this Plone OU exists as a part of your Windows domain that allows Plone to look up users from a restricted subset of users rather than having to query the entire set of users. ..You can repeat similar steps for groups if you are pulling groups from Active Directory…….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s