Today’s major event was fun diagnosing an issue with our directory services (we have three: AD, and two independent eDirectory trees) where users were unable to log in. To cut a long story short, Novell updates the password change in AD and one of the eDir trees directly and the third tree synchronises from the other two and changes between the two via IDM. The directory that we use for web authentication is the ID-Vault which is supposed to be the thing that’s got all of the information in the most up-to-date format. Bzzzzzt assertion failed. Somewhere along the line the password synchronisation for the user got lost between the two directory services and the third one ends up with the wrong password. Fun for the whole family.
This led me to write up some doco on a service that I rarely use but it is one of the more useful ones that I have out there. JCMU was a project to centralise user authentication and management with a plugin infrastructure to enable disparate ‘sites’ to manage information. In TRC’s incarnation it’s set up connected to the LDAP directory (the aforementioned ID-Vault), the Staff Intranet and a few other internal applications – each with their own particular method of storing user credentials. So the tool can manage users in the systems, reassigning passwords, groups and even creating accounts in different sites with different connectors. The system even has its own query language to weed down result sets; however, the system needs a large hit to make it cache the information as at the moment it finds out all of this information of about 1000 odd users and then outputs it without caching or storing in a database somewhere even temporarily. When I get some time I’ll release out the doco and a tutorial for setting up this extension (it’s got a 1.0 and 1.5 version) to make it useful in different situations.