This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSPR v4.5.0.2 - Forgotten Password User Search Filter, Blank Replaced Tokens Returns a Wildcard (*)

Hi all,

I'm trying to setup the "Forgotten Password User Search Form" with 3 attributes:

1. cn - *Required

2. mobile

3. mail

where my "Forgotten Password User Search Filter" is:

(&(objectClass=Person)(cn=%cn%)(|(mobile=%mobile%)(mail=%mail%)))

 

As the  "Forgotten Password User Search Filter" shows, I want the users to be found either with cn mobile or cn mail.

Whats happens is this:

Example 1:

The users fills their cn (lets say its 999999999 for this example) and leave the mobile and mail blank -> they are found by the SSPR.

in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=*)(mail=*)))

Example 2: 

The users fills their cn (lets say its 999999999 for this example), wrong mobile (055123456) and leave the mail blank -> they are also found by the SSPR.

in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=055123456)(mail=*)))

Example 3: 

The users fills their cn (lets say its 999999999 for this example), wrong mobile (055123456) and the right mail (**PERSONAL INFORMATION REMOVED**) -> they are also found by the SSPR.

in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=055123456)(mail=**PERSONAL INFORMATION REMOVED**)))

 

Only when both mail and mobile are wrong, SSPR can't find the user and gives this error: "The user name is not valid or is not eligible to use this feature"

My question is:

Why does blank %mobile% and %mail% return a * value to the search filter and not left blank as it should? and how can I prevent that from happening?

 

Thanks!