Nico Kobes Posted October 27, 2010
When I change the group of a person in LDAP on Snow Leopard Server, the changes don't work in FileMaker Server 11 Advanced. It looks like there is a very long delay; after a few hours it finally works.
Steven H. Blackwell Posted October 27, 2010
Is it possible you're not making the change in the correct place? Is this on an Open Directory Domain Controller or on the FileMaker Server itself? BTW, the LDAP setting has nothing to do with External Server Authentication.
Steven
Dave Graham Posted December 16, 2010
I think it might be more accurate to say that changes made in Open Directory do not immediately take effect for externally authenticated FileMaker clients, at least in certain configurations. I've run into this before and again just now, and it appears to be a caching issue. What is weird, though, is that password changes in OD take effect instantly for externally authenticated clients, but group changes do not. I tried flushing the Directory Services cache on both the FMS and the OD master to no avail. Restarting OD similarly has no effect. The only thing I've found that does force the change to take effect immediately is to rebind the FMS machine. It might only happen when FMS is installed on a different computer than the OD master. I'm going to test a single server and Win deployment to see if it makes a difference.
- dg
Ocean West Posted December 16, 2010
I believe this is the location to connect FMS to an OD server
Dave Graham Posted December 16, 2010
> I believe this is the location to connect FMS to an OD server
That is correct for 10.6. For 10.5 it's Directory Utility in Applications > Utilities. Rebinding (i.e., delete current bound OD server and bind again) is what forces externally authenticated clients to recognize group changes immediately. Stephen: I know we ran into this at one of our clients. Did you ever find a better solution?
- dg
Ocean West Posted December 16, 2010
Sadly no - users log in with a temp account for the day - or they have to have their account & group established the day before they gain access to the system.
Dave Graham Posted December 16, 2010
> sadly no - users log in with a temp account for the day - or they have to have their account & group established the day before they gain access to the system.
Bummer. I just tested at a client with FMS installed on the OD server and it's the same story. It turns out that it only affects Open Directory. In AD environments FileMaker clients authenticate properly immediately after a group change. Time to submit this as a bug.
- dg
Wim Decorte Posted December 16, 2010
On Windows there is a command-line command to force an update/propagation. It would very much surprise me if there were no such thing on OS X...
Dave Graham Posted December 16, 2010
> On Windows there is a command-line command to force an update/propagation. It would very much surprise me if there were no such thing on OS X...
Me too. I expected it to be the dscacheutil (Directory Services Cache Utility). I ran sudo dscacheutil -flushcache but it didn't do it. There must be another place that groups are cached but I don't know where to look. I'll try poking around some tonight.
- dg