NetIQ SecureLogin 8.5.3
eDir Group Objects configured with "stop walking here"
Error: "You are not logged in to a directory and SecureLogin is unable to find any cached user data."
Users receive error message when SecureLogin is launched offline
Error also occurs when selecting "work offline" throug the SecureLogin system tray icon
Local cache does exist for the user, and if deleted is recreated on the next login.
Problem follows the user, not the workstation.
Disable "Stop walking here" in SecureLogin preferences on the eDirectory groups.
Bug has been entered. Problem occurs because SecureLogin stores and retrieves data differently when online using the directory than it does when offline using the local cache. The workaround is to NOT set "stop walking here" at the group level.
NOTE: Setting "stop walking here" at the user, OU or O level does not cause the problem.
Background - relevant components:
Cache file. SecureLogin can receive configuration data from containers (O or OU), Groups, and Users. This data is initially read from the directory, and stored on the local workstation in a cache file. This cache file is a failsafe in case the network goes down, and provides the necessary data for SecureLogin to continue working when offline.
Group data. SecureLogin data on the container includes a list of groups, in the order in which their settings should be applied. When SecureLogin loads it looks to the container to determine whether or not group data should be included.
Stop walking here. SecureLogin preferences include a setting called "stop walking here." This setting tells SecureLogin to stop at that point and not read any additional data from anywhere else. This prevents walking up the tree looking for data. In this case "stop walking here" was set on all groups.
On line. When SecureLogin loads and the network IS available, it
reads data from the directory in the following order:
2. Container, including to see if any groups are included
4. Other data from OU
This data is written to the local cache file.
BUT since stop walking here is set at the group level, SecureLogin does not finish reading data from the OU, and does not write all OU data to the local cache.
Off line. When SecureLogin loads and the network IS NOT available, it reads from the local cache, looking for settings from:
4. Other data from OU
BUT since “stop walking here" setting prevented SecureLogin from writing required data from the OU, this OU data is not available when SecureLogin attempts to read from the local cache. SecureLogin then returns the error about the local cache file not being available. The file is present, but is unusable because it has incomplete data.
In other words, if while reading from eDirectoy, Securelogin reaches a group that says “stop walking here,” it does not return to the OU, does not read all the required data, and does not properly create the local cache file.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.