Filing this on be-half of John Morrison. I checked his LDAP bits and they are enabled. He is able to login to gmail, login.mozilla.com, and other services. He just isn't able to login to intranet.m.c., mozilla VPN, and mana.m.o. "This is a `re-open` of INC0016041. My problems with LDAP authentication with some services has come back again. I can authenticate with the MTV Mozilla network with my LDAP username/password, but I am denied when I use the same with intranet.mozilla.org, mana.mozilla.org, and with the Mozilla VPN. I need access to the VPN to do my work for today."
What LDAP username is he using to authenticate to each of those services?
:atoll - I'm using email@example.com to authenticate.
Hi, :atoll. Any update on this?
So, less than one hour ago, I could authenticate with login.mozilla.com, but that has changed since that time, and now I cannot authenticate there.
Okay, so I have had my LDAP password reset, and now I have access again to various services. Closing this bug. Sorry for the bother.
Thanks John. Adding a note that we will try an LDAP PW reset first for future cases.
In this case, the password was expired: Last Password Change Date: 2014-12-05 Password Expiration: 2015-03-05 (can be seen by looking at the LDAP/manage interface). What is pretty strange here is: a) why access stopped working today, instead of back in March b) whether the user got the password expiry e-mail warnings or not? Did by chance this user recently change jobs? *Most* users do not have password expirations, but certain groups within Mozilla do have a 3-month expiration policy, so what could have happened, if the user recently switched jobs, or got added to one of the security LDAP groups that requires a password expiration, is that he moved from a non-expiry role to a new role (or ldap group) that enforces a 3-month expiration and if that kicked off today, then that would explain everything.
> Did by chance this user recently change jobs? *Most* users do not have password expirations, but certain groups within Mozilla do have a 3-month expiration policy ... Yes, this is exactly what happened. I recently switched form services qa to cloudservices operations. However, I was unaware that this would change my expiry setting, or exactly what was changed in LDAP. The odd thing was that I had begun having some problems with LDAP last week, then they went away, and then they came back today but not all at the same time. I can't really explain why there was this on-off-on-off behaviour.