Applies to: Centrify DirectControl version 5.2.2-186 on all Unix/Linux platforms
Problem: After upgrading to adclient 5.2.2, AD users are intermittently unable to log in to the Centrify Linux server.
Running "adquery user <aduser>" shows the user as "not a zone user."
The login issue is temporarily fixed by running "adflush -a".
Cause: The DirectAuthorize cache was updated with an incomplete LDAP paged search result, which caused users to lose their system login right.
Workaround:
As a workaround, we recommend setting up a cron job to re-flush the cache every 30 minutes:
- crontab -e
- Add the following entry, which runs adflush every 30 minutes:
- */30 * * * * adflush -a
- Save and exit the crontab.
Resolution:
This issue has been fixed in Centrify Server Suite 2015 SP1, a.k.a. DirectControl version 5.2.2-192. Please refer to KB-5278: How to install Centrify DirectControl Agent 5.2.2 SP1 for details.