jamestaylor Frequent Contributor.
Frequent Contributor.
724 views

SSPR Error 5016 "Can't Match User" if space in username


It appears that SSPR does not allow a login if there is a space in the
username?
For example a user named "johndoe" can login, but a user named "john
doe" cannot.
I haven't found any references for this. Is this a bug or fails by
design?
Is there any known work around (other than a user rename...)?
Thanks,
-jt


--
jamestaylor
------------------------------------------------------------------------
jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
View this thread: https://forums.netiq.com/showthread.php?t=56382

0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: SSPR Error 5016 "Can't Match User" if space in username

I would probably load up ndstrace and see how the LDAP queries compare
during the login. I would not expect this to fail, but I can think of a
few reasons it may, but ndstrace should tell us what's up:

ndstrace loading and setup for LDAP-tracing, assuming you have the 'LDAP
Server' object set correctly to trace everything:


ndstrace
set dstrace=nodebug
dstrace +time +tags +ldap
set dstrace=*m9999999
dstrace file on
set dstrace=*r
#perform test here
dstrace file off
quit


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
jamestaylor Frequent Contributor.
Frequent Contributor.

Re: SSPR Error 5016 "Can't Match User" if space in username


Looks like it is picking up first and last name as separate cn's

3839231744 LDAP: [2016/08/04 14:16:55.832] Search request:
base: "o=acs"
scope:2 dereference:0 sizelimit:2 timelimit:31 attrsonly:0
filter:
"(&(&(objectClass=person)(cn=andy))(&(objectClass=person)(cn=abedar)))"

I added quotes around the name as a test and got quotes included in the
query:

190576384 LDAP: [2016/08/04 14:22:03.184] Search request:
base: "o=acs"
scope:2 dereference:0 sizelimit:2 timelimit:31 attrsonly:0
filter:
"(&(&(objectClass=person)(cn="andy))(&(objectClass=person)(cn=abedar")))"

If I rename the user to remove the space, it works fine:

3923056384 LDAP: [2016/08/04 14:29:09.619] Search request:
base: "o=acs"
scope:2 dereference:0 sizelimit:2 timelimit:31 attrsonly:0
filter: "(&(objectClass=person)(cn=andyabedar))"


--
jamestaylor
------------------------------------------------------------------------
jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
View this thread: https://forums.netiq.com/showthread.php?t=56382

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR Error 5016 "Can't Match User" if space in username

Perhaps toss an escape (backslash) before the space to see if SSPR
recognizes that as an escape of the space.

Alternatively maybe there is a setting to disable lookups by multiple values.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.