I am running Collaborator 9.4.9401 in a UNIX environment and authenticating users via LDAP. I have users who are able to login to Collaborator, from a windows/AD domain, sometimes for months after their UNIX/LDAP account password has expired.
How can I make Collaborator authenticate each user to LDAP at each Collaborator logon, and/or, make Collaborator not allow user login if their LDAP account is expired?
There may be two options (I know are in version 11, and I'm assuming are also in version 9) which could help, both around invalidating a user's login ticket, requiring Administrator access:
Thank you, "Dubs".
I haven't had the opportunity to implement or test your solution yet - paperwork. I'll let you know the outcome!
Now I have a new requirement. The authentication expiration, the time-to-live, ticket has to expire for all users EXCEPT for one admin user. That admin user is the ccollab administrator account and it is the account used by the scripts run by various triggers in coco. If this account expires the scripts will not run.
I may have to post this as a new question to the forum, but I'm thinking about changing collaborators authentication mechanism from LDAP to collaborators own internal authentication. That will break the 60 day PW change requirement and nullify the original problem.
I don't know how that will affect the existing user accounts, existing inspections, etc. At this point I'm not even sure if it's possible to make that change without a fresh installation.
Happy to hear you're almost there, one workaround I thought of is to create another "dummy" script to run at a frequency just a bit higher than your time-to-live value to ensure the script account doesn't time out. I do like the idea of configuring accounts that don't expire to avoid having to do that - I suggest you log that in the feature requests board.
Dummy script is not a bad idea! Thanks Dubya!
