on 04-21-2011 12:27 PM
Hi,
The past few days we noticed something weird, our BOE 3.1 SP 2.5 uses SSO via Kerberos and synchs with our AD setup. Now we see that sometimes the changes on group membership on AD are synched on our BOE environment, but the change is only visible on one node of the cluster. And depending on which node the end user ends up at logon, he can or can not access certain items because of this discrepancy on the nodes.
Has anyone else encountered this problem and managed to solve this.
Thank you for the help
Guy
I think I had something similar happening.
If a user was changing groups, the changes were only happening in BO after I rebooted the servers.
I think it's a bug in 3.1 with AD authentication.
In the autentication tab, in the CMC, check "Create new aliases only when the user logs on".
Also if this doesn't fix the issue, check if your Schedule AD Group Graph Updates are set up on both servers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The "Create new aliases only when the user logs on" was already checked, and the AD group graph updates were set on both nodes.
If we encounter the problem again we'll try the synch on the node that's missing the updated information.
Regards
Guy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.