"You are not logged in to a directory and SecureLogin is unable to find any cached user data"

  • 7022433
  • 05-Dec-2017
  • 05-Dec-2017

Environment

NSL 8.5.3
NetIQ SecureLogin 8.5.3
eDirectory environment
eDir Group Objects configured with "stop walking here"

Situation

Error: "You are not logged in to a directory and SecureLogin is unable to find any cached user data."  
Users receive the error message when SecureLogin is launched offline.
The error also occurs when selecting "work offline" through the SecureLogin system tray icon.
Local cache does exist for the user, and if deleted is recreated on the next login.
Problem follows the user, not the workstation.

Resolution

Disable "Stop walking here" in SecureLogin preferences on the eDirectory groups.  

Bug has been entered.  Problem occurs because SecureLogin stores and retrieves data differently when online using the directory than it does when offline using the local cache. The workaround is to NOT set "stop walking here" at the group level. 

NOTE: Setting "stop walking here" at the user, OU or O level does not cause the problem. 


Additional Information

Background - relevant components:

Cache file.  SecureLogin can receive configuration data from containers (O or OU), Groups, and Users.  This data is initially read from the directory, and stored on the local workstation in a cache file.  This cache file is a failsafe in case the network goes down, and provides the necessary data for SecureLogin to continue working when offline.  
 
Group data.  SecureLogin data on the container includes a list of groups, in the order in which their settings should be applied.  When SecureLogin loads it looks to the container to determine whether or not group data should be included.  
 
Stop walking here.  SecureLogin preferences include a setting called "stop walking here."  This setting tells SecureLogin to stop at that point and not read any additional data from anywhere else.  This prevents walking up the tree looking for data.  In this case "stop walking here" was set on all groups.


The Problem:
 
On line.  When SecureLogin loads and the network IS available, it reads data from the directory in the following order:
1. User
2. Container, including a check for whether any groups are included
3. Groups  
4. Other data from OU
 
This data is written to the local cache file.
 
BUT since stop walking here is set at the group level, SecureLogin does not finish reading data from the OU, and does not write all OU data to the local cache.
 
Off line.  When SecureLogin loads and the network IS NOT available, it reads from the local cache, looking for settings from:
1. User
2. Container
3. Groups
4. Other data from OU
 
BUT since the "stop walking here" setting prevented SecureLogin from writing required data from the OU, this OU data is not available when SecureLogin attempts to read from the local cache.  SecureLogin then returns the error about the local cache file not being available. The file is present, but is unusable because it has incomplete data.


In other words, if while reading from eDirectory, SecureLogin reaches a group that says "stop walking here," it does not return to the OU, does not read all the required data, and does not properly create the local cache file.
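
The load order above, as a simplified model that is an added example and not SecureLogin code: it builds the cache in the online order, rejects an incomplete cache offline, and lists which users would hit the error. The section names, the Group type, the sample inventory, and the assumption that only groups the user belongs to are read are all constructed for illustration.

```python
# Added illustration: simplified model of the load order described on this page.
# All names and data are constructed; this is not SecureLogin code.
from dataclasses import dataclass

REQUIRED = ("user", "container", "groups", "ou_other")  # sections the offline load looks for
ERROR = ("You are not logged in to a directory and SecureLogin "
         "is unable to find any cached user data.")

@dataclass
class Group:
    name: str
    members: set
    stop_walking: bool = False  # "stop walking here" preference on the group

def build_cache_online(user, ou_groups):
    """Online load: User, Container, Groups, then other OU data, written to the cache."""
    cache = {"user": user, "container": [g.name for g in ou_groups], "groups": []}
    for g in ou_groups:                      # groups applied in the container's order
        if user not in g.members:            # assumption: only the user's own groups are read
            continue
        cache["groups"].append(g.name)
        if g.stop_walking:                   # walk ends here; step 4 is never reached
            return cache
    cache["ou_other"] = "remaining OU settings"
    return cache

def load_offline(cache):
    """Offline load: the cache file exists but is rejected if a section is missing."""
    missing = [s for s in REQUIRED if s not in cache]
    if missing:
        raise RuntimeError(ERROR)
    return cache

def affected_users(users, ou_groups):
    """Audit: users whose offline start would fail with the current group preferences."""
    hit = []
    for u in sorted(users):
        try:
            load_offline(build_cache_online(u, ou_groups))
        except RuntimeError:
            hit.append(u)
    return hit

if __name__ == "__main__":
    groups = [Group("Sales", {"alice"}, stop_walking=True), Group("IT", {"bob"})]
    print(affected_users({"alice", "bob", "carol"}, groups))   # constructed inventory
```

Clearing the group-level flag in the model, as the workaround describes, makes the affected list empty.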