SLBL entries removed when using LDAP isq.auth

Zachary Reneau · ‎04-12-2013

When using LDAP consolidation and isq.auth in a chained query, it appears that users with multiple aliases are overwriting the bulk imported SLBL.

We reduced the problem to a single user for troubleshooting. We found that entries made from the EUQ GUI are retained consistently.

However, if you make entries that are successfully retained via the GUI, export them, they appear as below:

matt.loya@example.com, SAFE, no@nogo.com, leveme@flask.com

matthew.loya@example.com, SAFE, no@nogo.com, leveme@flask.com

mloya@example.com, SAFE, no@nogo.com, leveme@flask.com

So you can confirm that by using LDAP that each alias has its own entry maintained for the same user.

But at this point if you import the same info back into the SLBL DB and have the user log in again, the information is gone. Exporting the SLBL again shows that it is gone.

This seems to suggest that there is a unique identifier for LDAP users in the SLBL DB that is not represented in the SLBL export.

This poses a problem, because there is over one thousand entries that need to be imported, but randomly it appears users with multiple aliases lose their SLBL upon first login to the EUQ.

Has anyone encountered this sort of issue?

ASYNC

Version: 7.9.0-110

Zachary Reneau · ‎04-15-2013

It seems this occurs when not using the correct LDAP attributes. Using the following queries should eliminate the described problem under Active Directory.

EUQ auth

(|(mail={a})(mail=smtp:{a})(sAMAccountName={u}))

attributes - mail,proxyAddresses

Alias consolidation

(|(proxyAddresses={a})(proxyAddresses=smtp:{a}))

attribute - mail