Problem Cross-Database Useridentification

Hi Community,

i got a problem in a database-construct which works always proper for years. Now, with a group of only first-access-users, this prob appears.

• two Databases (db1 & db2)

• web-access to db1

• acl-entry is an win-ads-group

• after login to db1 this db connects to db2 by @dblookup to get further userinformation

• db2-acl contains same ads-group as db1

Now, and new to me, the server denies access to the users, because of non-access-right to db2.

I use this construct for years without problems. my given users can access without problems - probs do only appear to the first-access-users in this new ads-group.

I tried out several ideas, and the result is VERY crazy :

1.) db1-acl = qualified-username (no group!)

db2-acl = qualified-username (no group!)

WORKS !

2.) db1-acl = ads-group

db2-acl = qualified-username (no group!)

WORKS !

3.) db1-acl = ads-group OR qual. username

db2-acl = ads-group

CRASHES !

But now (and this is very strange) :

if the user has accessed db2 ONCE DIRECT the above described prob doesn’t exist anymore in further time.

(direct access to db2 works with both, acl-group or acl-qualified-username)

Does anyone have an idea, how this can happen ?!

Thanks for any reply (and excuse my may worse english)

Stephan Reintjes

Kleve/Germany