Deleting a user from admin UI doesn't delete them from CHI cache person_lookup - Subsequent authentications don't pull from cached value - 2 issues #8451

Open
E-ThanG opened this issue Dec 21, 2024 · 1 comment

E-ThanG commented Dec 21, 2024

Describe the bug
In PF 14.0, when a user is deleted from the admin UI, their person_lookup attributes remain in the output of pfcmd cache person_lookup dump <SNIP>AD-User-Authentication.<SNIP>.radius:

$VAR1 = {
          'title' => '<SNIP>',
          'company' => '<SNIP>',
          'firstname' => '<SNIP>',
          'lastname' => '<SNIP>',
          'email' => '<SNIP>',
          'telephone' => '<SNIP>',
          'address' => '<SNIP>'
        };

Also, even though the cached values remain, when the same user attempts a new authentication their details aren't pulled from the cache. Viewing the user in the admin UI users tab shows blanks for the cached values. Once the cache times out or is cleared, new authentications will pull the information from AD.

To Reproduce
Steps to reproduce the behavior:

  1. Perform a fresh authentication (I'm using 802.1x with PEAP/MSCHAPv2) and have user attributes pulled from AD (Title, Company, Firstname, Lastname, email, telephone, address, and so on).
  2. Find the user in the admin UI users tab, observe that all of the attributes are populated.
  3. Disconnect the device from the network, delete the user from the admin UI, delete the device from the admin UI (if it still exists).
  4. Check pfcmd cache person_lookup dump <SNIP>AD-User-Authentication.<SNIP>.radius, the user hasn't been deleted from the cache.
  5. Perform a new authentication.
  6. Find the user in the admin UI users tab, observe that the attributes haven't been retrieved from AD or the cache.

Expected behavior

  1. Deleting a user from the admin UI (or any other method) should also delete them from all cached locations. They should be completely fresh on their next connection.
  2. If cached values are retained, they should be used.
  3. Unconfirmed: Please also validate that deleting a device removes it from all cached locations as well. Deleting anything should be global and complete.

E-ThanG commented Dec 21, 2024

I should have also mentioned that I'm not using any of the NT caching options (NT Key cache and NTLM cache).
