Highlighted
Absent Member.
Absent Member.
1092 views

SL 8.5SP2 not syncing changes from client to AD

Hi,

I have Securelogin 8.5 SP2 running with Active Directory.

If I make a change using the snap-in in Active Directory User & Computers (ADUC) then this change is replicated to the client.

If I make a change in the client (change a username, update an application definition) this does not appear NOT appear to replicate back to AD and show in ADUC.

I am attempting to update a application definition on my workstation and then deploy it to a number of users (using Distribution > Copy) so this makes it difficult 🙂

I'm sure this is how I developed applications in the past, as I don't remember doing it differently.

Anyone know whether this is normal, or is there something I am missing here ?

Regards
Ian
0 Likes
4 Replies
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi Ian,
SecureLogin client synchronizes with Active Directory based on SecureLogin preference "Cache refresh interval", which is by default set to 5 minutes.
You can trigger cache refresh manually using SecureLogin tray icon -> right click -> Refresh cache option.

For any change made at the client to reflect into Active Directory, you must refresh the SecureLogin cache.

If you still notice this issue after all these changes, please try using the SecureLogin administrative tool "SLManager".
https://www.netiq.com/documentation/securelogin-86/administration_guide/data/bhjujaf.html#bhjwagu

Regards,
Dinesh
0 Likes
Highlighted
Absent Member.
Absent Member.

pvdinesh;2482693 wrote:
Hi Ian,
SecureLogin client synchronizes with Active Directory based on SecureLogin preference "Cache refresh interval", which is by default set to 5 minutes.
You can trigger cache refresh manually using SecureLogin tray icon -> right click -> Refresh cache option.

For any change made at the client to reflect into Active Directory, you must refresh the SecureLogin cache.

If you still notice this issue after all these changes, please try using the SecureLogin administrative tool "SLManager".
https://www.netiq.com/documentation/securelogin-86/administration_guide/data/bhjujaf.html#bhjwagu

Regards,
Dinesh


Hi Dinesh,

1. Having to trigger this manually by doing a Refresh Cache would seem to be odd, as a user would not think to do that if they updated credentials and then moved between computers. Having said that, I have tried refreshing cache and that did not help updating it in AD.

2. Did not have SLManager, but on doing Modify of the install I note that Admin tools option was not installed, so I selected and installed it. Still no SLmanager.exe anywhere. I have previously used SLmanager - but in earlier versions (6 and 7).

Will try again tomorrow on a different machine - but this is really odd...

Cheers
Ian
0 Likes
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi Ian,
Sorry, I was wrong, the behavior seems to be other way around.
1. SecureLogin client will synchronize with Active Directory (AD) immediately as soon as any changes made.
2. Changes made through SecureLogin Management utility (SLManager, MMC plugin) at Active Directory will synchronize to Client based on SecureLogin preference "Cache refresh interval".

When user moving between two computers -
- Changes made at computer 1 will immediately gets updated to Active Directory.
- On computer 2 as soon as SecureLogin loads it refreshes the cache and gets the update made at computer 1 via AD.
- But, during run time AD does not have a mechanisum to push the changes to Client, so client uses "Cache refresh interval" preference to pull the data from AD.

To install SLManager you need to select "Directory Administration Tool" option during install / modify operation.

Regards,
Dinesh
0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Dinesh,

Thanks for the Update.

That makes more sense.

The SLManager appears when I install the base Directory tools section. I note that the SL Documentation is wrong in stating what section needs to be added for it...
SL Manager doesn't give me an alternative way of uploading the definition, just an alternative way of managing what it already in AD.

I tested with another account and it works normally, so it appears just my account is borked. I will strip all the SL attributes and re-apply and see how that goes.

Thanks for the help and clarifications !

Cheers
Ian
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.