Hi all,
I'm trying to setup the "Forgotten Password User Search Form" with 3 attributes:
1. cn - *Required
2. mobile
3. mail
where my "Forgotten Password User Search Filter" is:
(&(objectClass=Person)(cn=%cn%)(|(mobile=%mobile%)(mail=%mail%)))
As the "Forgotten Password User Search Filter" shows, I want the users to be found either with cn mobile or cn mail.
Whats happens is this:
Example 1:
The users fills their cn (lets say its 999999999 for this example) and leave the mobile and mail blank -> they are found by the SSPR.
in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=*)(mail=*)))
Example 2:
The users fills their cn (lets say its 999999999 for this example), wrong mobile (055123456) and leave the mail blank -> they are also found by the SSPR.
in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=055123456)(mail=*)))
Example 3:
The users fills their cn (lets say its 999999999 for this example), wrong mobile (055123456) and the right mail (**PERSONAL INFORMATION REMOVED**) -> they are also found by the SSPR.
in the log, I see that the search filter is passed like this: (&(objectClass=Person)(cn=999999999)(|(mobile=055123456)(mail=**PERSONAL INFORMATION REMOVED**)))
Only when both mail and mobile are wrong, SSPR can't find the user and gives this error: "The user name is not valid or is not eligible to use this feature"
My question is:
Why does blank %mobile% and %mail% return a * value to the search filter and not left blank as it should? and how can I prevent that from happening?
Thanks!