Cloning from an instance that has LDAP Integration configured (for example. with Active Directory) could result in invalid LDAP integration account credentials being provided to the LDAP server by the target cloning instance.
This occurs near the end of the clone operation, specifically during runs by the LDAP Connection Test scheduled job.
Steps to Reproduce
- Clone from an instance that has LDAP Integration activated using the Clone from backup option.
- After the clone is complete (as indicated by the change request), go to the instance and look at the LDAP log entries.
It appears that the credential failures listed in the log are coming from the LDAP Connection Test scheduled job. Because the credentials are from the source instance and the source instance had valid credentials, the target instance should also have valid credentials.
Use a different LDAP username and password for development than for production because if the account is locked, you can immediately identify the instance that locked the account. Preserving ldap_server_config would retain that configuration.
To avoid the LDAP server locking your LDAP username, when scheduling a clone, create a data preserver and an exclude the LDAP tables, with a minimum of the ldap_server_config table.
If you are cloning to a target that does not have the ldap_server_config table:
- Manually export the relevant tables and records from the source instance into an XML file.
- Import them into the target (including the ldap_server_config table) before the clone is started.
- Validate the LDAP connection succeed.
- Ensure that your username and password is different to the one used on the source instance.
Related Problem: PRB659857