User is being mapped to old username, even after map file is updated to local username

Hello,

I am using a map file to map users for Open OnDemand along with the PAM module.
The user below has an AD username that is different from his HPC LDAP username.

The issue is as follows:
We have a user who logged in using his AD credentials with PAM authentication.
When he logged in, he got a message that his home directory is missing, which is true since his home directory exists under his LDAP username.

So I updated the map file, with his HPC username, and ran these commands:
/opt/ood/ood-portal-generator/sbin/update_ood_portal
systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service

However, the next time he logs in, he still gets the same message that his home directory is missing.
Also, I see in the logs that his PUNs are being created with his AD username and not his LDAP username.

Does OOD keep a cache somewhere, where it remembers who it authenticated a user as? If so, is it possible to clean this history so that it starts as new?

I also had a second scenario, where I had to change the uidNumber of a user after the user had authenticated and used the services with the previous uidNumber, which did create a lot of issues.
I do not have a way to replicate this scenario as of now.

However, I can replicate the first scenario if necessary.
I have enabled debugging, and I will update soon on what I see in the logs, with respect to who this user is being mapped to…

Regards,
Lohit

Hello and welcome!

There is a cache of the user information in JSON format which may need to be cleaned out.

These files can be found in ~/ondemand/data/sys/dashboard/batch_connect/db and in that directory you can find the session file which is likely causing the problem in the first scenario. Remove the file that has the old session info which is causing the conflict. You’ll have to look at those files to determine which is the right file.

For the second scenario, I’d expect nothing to work if you changed the UID, as now there is no way for the user to be known to OnDemand. That session file would again have all the info needed for OnDemand, and if you do anything to cause a deviation from that for the user's metadata, OOD will no longer know who they are and what apps or configurations to use for them.

Let me know if you have any more questions or clarifications.

Hello Travis,

Thank you for the quick reply.

The user who has the issue does not have a home directory for his AD username. I later changed the map file to his LDAP username, but it still maps to the AD username and complains about no home directory.
So where would the session or db files be stored, if there is no home directory?

Regards,
Lohit

It just happened to be a permission issue. I do not have this issue anymore.