IBM Support

IV15246: LDAP USERNAME PROBLEMS (USERNAME AND PRE-WINDOWS 2000) USER NAME CONFLICT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • LDAP username problems (username and pre-windows 2000) user name

There is a problem logging into the console using LDAP user
authentication when
the AD "User logon name" is different from the "User logon name
(pre-Windows
2000)" in Active Directory.

Example of working usernames:
If
"User logon name" is:  bftest2@hhs.gov
And
"User logon name (pre-Windows 2000)" is:  ATL001\bftest2
Then
Login with that user name bftest2 works.

However:
If
"User logon name" is:  bftest2@hhs.gov
And
"User logon name (pre-Windows 2000)" is:  ATL001\bigfixtest2
Then Login with user name bftest2 does NOT work
And  Login with any other combination of username does not work,
we tried the
following:
*bftest2
*bftest2@hhs.gov
bigfixtest2
ATL001\bigfixtest2
bigfixtest2@hhs.gov

The customer needs the ability to have different usernames (one
for User logon
name and one for User logon name (pre-Windows 2000) because the
user accounts
that are associated with their PKI Common Access Cards are
typically referenced
by their end users as the user name in the "User logon name
(pre-Windows 2000)"
name.

The customer noted that this configuration in their AD user
accounts is pretty
common in many of the other government agencies.

The workaround for them is to create local user accounts until
LDAP
authentication is fixed to allow difference in these user names.

Local fix

  • The logon name and pre-windows 2000 logon name must be identical
in AD for the user.

Or use locally defined console operators.

Problem summary

  • To be fixed in v8.2 (Foothill Patch 3) release.

General availability Q1 2012 (release date is subject to
change).

Problem conclusion

  • 



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV15246
    • 

  • Reported component name
    TIV EP MGR SERV
    • 

  • Reported component ID
    5725C43SV
    • 

  • Reported release
    82W
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-02-08
    • 

  • Closed date
    2012-02-08
    • 

  • Last modified date
    2012-02-08
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    

  • R82W  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":null,"label":null},"Product":{"code":"SSBQVS","label":"Tivoli Endpoint Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"82W","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 February 2012
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback