Extensis Portfolio test server can't authenticate LDAP users

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
7 years ago
7 years ago

People

(Reporter: richard, Assigned: richard)

Tracking

Details

(Assignee)

Description

7 years ago
The evaluation of Extensis Portfolio Server isn't progressing because we can't get the system to authenticate via LDAP.  

This is a required capability for the Air Mozilla digital asset manager.

Infra suspects that it may be because Portfolio Server is attempting to read the LDAP passwords and then authenticate locally.  This is not permitted by Mozilla LDAP ACL rules.

I'm opening this bug to establish an asynchronous channel with Extensis support to speed things along.
(Assignee)

Comment 1

7 years ago
MacOS 10.7.3 dropped today and one of the changes was "Improved directory authentication".   I upgraded the OS on the Portfiolio Server Pro machine.

No change in the symptoms.
(Assignee)

Updated

7 years ago
Assignee: nobody → richard
(Assignee)

Updated

7 years ago
Blocks: 716432
(Assignee)

Comment 2

7 years ago
There is a known problem with the Portfolio Pro Server LDAP implementation.  The vendor description is:

Synced OD users that have multiple short names are unable to connect to Portfolio Server. Authentication Failed.

Issue Details:

In the mappings we show the 1st short name, however the account name we assign is the 2nd short name. Neither log-in works.

Workaround:

Remove extra short names in OD
delete the user mapping in Portfolio 
re-add the mapping


Analysis by Jabba in Infra suggests this is not the problem we are encountering, and in any event changing the way Mozilla does LDAP worldwide is a non-starter.
(Assignee)

Comment 3

7 years ago
The docs say something about a "Service Browser" that can be used to view and edit directory service mappings, however that does not appear to be part of the demo package for Portfolio Server Pro.  Querying Extensis.
(Assignee)

Comment 4

7 years ago
Email from James Grace, Extensis Systems Engineer:


Per our discussion last week, there is an issue with Portfolio Server Server version 10.1.x when used with Open Directory servers containing logins which have multiple “short names”. Our engineering team is aware of the issue and I have been informed by Product Management that the issue will be resolved in the next Portfolio Server release.

As a workaround, you can make use of “local accounts” within your Portfolio Server. This process is outlined beginning on page 24 of the attached Portfolio Server Administration guide. Also note that Portfolio Server does not have an issue when used with Microsoft Active Directory servers, so this may be another alternative if you have a corporate Microsoft AD server available.
(Assignee)

Comment 5

7 years ago
After a conversation with Kari Friedewald, we've come to the conclusion that it is unlikely that Entensis Portfolio Server Pro will not authenticate through LDAP, as implemented at Mozilla, anytime in the foreseeable future.
(Assignee)

Updated

7 years ago
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.