Changes in Handling of Lime vs Windows Users

Since Lime CRM v.12.29 we have changed users with regards to how they can logon to Lime. Prior to this version, a single user could be configured to allow both Lime and Windows logon.

This causes a few problems as a user may be linked to a user in Active Directory, and if configured incorrectly may allow a user to use Lime login as well. This makes it harder for an admin to change passwords or deactivate users by just performing actions in active directory.

Since 12.29, to prevent degradation from Windows logon to Lime logon, we no longer allow Lime logon for a Windows user. Period.

The way we determine if a user is a Windows user or not, is to check if the user has a SID (a windows user ID) connected to it. If it has, it's a Windows user, and it only accepts Windows logons.

When upgrading from an earlier version, you may experience problems if a user is connected to an AD account but has been using Lime login. In that case, either start logging on using the connected AD-account or disconnect the user from the AD-account in LISA.

In some scenarios, users may have a SID in the database's user table that isn't connected to an AD-account. Perhaps as a result of moving a database from one environment to another. If you cannot disconnect it from AD using LISA, you may have to clear the SID using the power of SQL.

  • Last modified: 2 years ago
  • (external edit)