@derekschrock - if you've got the time to look at this, it might be useful for you on FreeBSD. Any comments gratefully received.

Looks good.

Using no xrdp is using ~/.Xauthority
Using yes xrdp is using /var/run/xrdp/<UID>/Xauthority

During the testing of the system environment with LDAP + NFS (homedir) + XRDP server structure, it was found that when the XRDP server is a deepin linux, setting XAuthorityInSystemDir=yes leads to the loss of user authentication information.

When XAuthorityInSystemDir=no, everything works fine. LDAP users can login to the XRDP server, and the user's home directory is on the NFS service.

When XAuthorityInSystemDir=yes, the performance is good, and the impact of restarting NFS on users is reduce.
However, when the desktop is lockscreen, LDAP users are no longer recognized, switch user ldapusername display is ...
and only the local users login box for the XRDP server is displayed. after logging in with a local user, the desktop session returns to the original LDAP user state.

Creating a symbolic link from /var/run/$UID/Xauthority to ~/.Xauthority is ineffective.
This issue does not occur in the debian environment.lockscreen can display ldap user

Thanks for raising this @tsz8899

I don't fully understand the problem:-

1. Where is the lockscreen running? on the physical machine, or on the xrdp session?
2. How is the lockscreen provided? Via gdm, or a separate program like xscreensaver?

It could be the XAUTHORITY hasn't been communicated to the systemd --user instance for the user. Can you see it in systemctl --user show-environment?

The phenomenon occurs within the xrdp session.The issue was found to be caused by an exception from org.deepin.dde.lock in the Deepin system, and it has been reported to the operating system developers.

XAuthorityInSystemDir is working normally in the NFS scenario.

Thanks for letting us know @tsz8899