Domain account locked out when using Lawson Portal
Nate R
New Member
Posts: 2
11/28/2011 6:06 PM
Hello,
We have been troubleshooting an issue where user accounts (Windows domain accounts/NT accounts) are getting locked periodically when using the Lawson Portal.
I have very limited understanding of this system, and the event logs on the workstations aren't very helpful (there is no mention of Lawson at all). However, with a little Google-ing I think it might be a situation that could only be caused by our Lawson Portal being configured to use an LDAP query.
Could anyone kindly reinforce this theory with me, or suggest another tree for me to bark up?
Thanks in advance,
-Nate
Greg Moeller
Veteran Member
Posts: 1498
11/28/2011 7:02 PM
You seem to be correct. I've noticed myself, since we've recently bound to our corporate AD, that users would lock themselves out, because they were used to using different passwords than their AD password.
Lately, it's started to calm down as they are getting used to using the correct passwords.
The process of binding to AD uses a command called ldapbind which you can find lots of information about on myLawson. That is where your LDAP query is most likely coming from- I know that is where ours comes from. AD = LDAP.
Jimmy Chiu
Veteran Member
Posts: 641
11/28/2011 8:22 PM
Do you have an AD password policy in place? I.e., X number of failed password tries will automatically lock out the AD account. Thus, you can't log in to Lawson if you are ldapbinded to AD. Check with your domain admin on password policy.
Nate R
New Member
Posts: 2
12/5/2011 4:16 PM
Greg, Jimmy - Thank you.
Greg -- I'll check out the sources you mentioned -- thanks, that's very helpful.
Jimmy - yeah, we do have an AD password policy. To my knowledge, the users do NOT get locked out of Lawson -- they simply notice they can't log into their computers (or use network resources, etc.) because their AD password is locked.
Seems like this ldapbind is a likely culprit -- I will continue on toward that point of investigation -- thanks again, guys.
Jimmy Chiu
Veteran Member
Posts: 641
12/7/2011 8:08 PM
Nate,
FYI: Failed password attempts in portal *do* result in AD account lockout if it's LDAPBIND to AD for password authentication when you have an AD password lockout policy in place.
- Lawson Portal passes user/password to AD for password authentication via ldapbind
- AD evaluates the user/password combination, when it fails x amount of times, lockout account
- User no longer able to log in portal
- User no longer able to log in computer
- User no longer able to log in mobile phone to access email etc.
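Added example (not part of any post in this thread): because the portal server performs the LDAP bind, the failed attempts are recorded against the server rather than the user's workstation, which is why the workstation logs show nothing. The sketch below attributes each lockout (Security event 4740) to the hosts that produced the preceding failed logons (event 4625), using constructed records exported from a domain controller; the hostnames, users and simplified field names are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

FAILED_LOGON, LOCKOUT = 4625, 4740  # Windows Security event IDs

# Constructed sample records (not real logs); field names are simplified
# and LAWSON-APP01 / WS-114 / WS-200 are hypothetical hostnames.
SAMPLE_EVENTS = [
    {"time": "2011-12-05 07:20:00", "id": 4625, "user": "jdoe", "source": "WS-114"},
    {"time": "2011-12-05 07:50:00", "id": 4625, "user": "jdoe", "source": "WS-114"},
    {"time": "2011-12-05 08:01:00", "id": 4625, "user": "asmith", "source": "WS-200"},
    {"time": "2011-12-05 08:01:10", "id": 4625, "user": "jdoe", "source": "LAWSON-APP01"},
    {"time": "2011-12-05 08:01:40", "id": 4625, "user": "JDOE", "source": "LAWSON-APP01"},
    {"time": "2011-12-05 08:02:05", "id": 4625, "user": "jdoe", "source": "LAWSON-APP01"},
    {"time": "2011-12-05 08:02:06", "id": 4740, "user": "jdoe", "source": "LAWSON-APP01"},
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def attribute_lockouts(events, window_minutes=30):
    """For each lockout, count failed logons per source host in the
    preceding window (set it to the policy's observation window)."""
    ordered = sorted(events, key=lambda e: _ts(e["time"]))
    report = []
    for ev in ordered:
        if ev["id"] != LOCKOUT:
            continue
        end = _ts(ev["time"])
        start = end - timedelta(minutes=window_minutes)
        sources = Counter(
            f["source"]
            for f in ordered
            if f["id"] == FAILED_LOGON
            and f["user"].lower() == ev["user"].lower()  # AD names are case-insensitive
            and start <= _ts(f["time"]) <= end
        )
        report.append({
            "user": ev["user"],
            "locked_at": ev["time"],
            "caller": ev["source"],  # "Caller Computer Name" on the 4740 event
            "failures_by_source": sources.most_common(),
        })
    return report


if __name__ == "__main__":
    for row in attribute_lockouts(SAMPLE_EVENTS):
        print(row)
```

If the top source is the portal's application server, the lockouts trace back to bad passwords entered in the portal; a workstation or mail gateway as the top source points elsewhere.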