Closed Bug 723352 Opened 12 years ago Closed 12 years ago

Extensis Portfolio test server can't authenticate LDAP users

Categories

(Air Mozilla :: Hardware, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: richard, Assigned: richard)

The evaluation of Extensis Portfolio Server isn't progressing because we can't get the system to authenticate via LDAP.  

This is a required capability for the Air Mozilla digital asset manager.

Infra suspects that it may be because Portfolio Server is attempting to read the LDAP passwords and then authenticate locally.  This is not permitted by Mozilla LDAP ACL rules.

I'm opening this bug to establish an asynchronous channel with Extensis support to speed things along.
MacOS 10.7.3 dropped today and one of the changes was "Improved directory authentication". I upgraded the OS on the Portfolio Server Pro machine.

No change in the symptoms.
Assignee: nobody → richard
Blocks: 716432
There is a known problem with the Portfolio Pro Server LDAP implementation.  The vendor description is:

Synced OD users that have multiple short names are unable to connect to Portfolio Server. Authentication Failed.

Issue Details:

In the mappings we show the 1st short name, however the account name we assign is the 2nd short name. Neither log-in works.

Workaround:

Remove extra short names in OD
delete the user mapping in Portfolio 
re-add the mapping


Analysis by Jabba in Infra suggests this is not the problem we are encountering, and in any event changing the way Mozilla does LDAP worldwide is a non-starter.
The docs say something about a "Service Browser" that can be used to view and edit directory service mappings, however that does not appear to be part of the demo package for Portfolio Server Pro.  Querying Extensis.
Email from James Grace, Extensis Systems Engineer:


Per our discussion last week, there is an issue with Portfolio Server version 10.1.x when used with Open Directory servers containing logins which have multiple “short names”. Our engineering team is aware of the issue and I have been informed by Product Management that the issue will be resolved in the next Portfolio Server release.

As a workaround, you can make use of “local accounts” within your Portfolio Server. This process is outlined beginning on page 24 of the attached Portfolio Server Administration guide. Also note that Portfolio Server does not have an issue when used with Microsoft Active Directory servers, so this may be another alternative if you have a corporate Microsoft AD server available.
After a conversation with Kari Friedewald, we've come to the conclusion that it is unlikely that Extensis Portfolio Server Pro will not authenticate through LDAP, as implemented at Mozilla, anytime in the foreseeable future.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX