User is unable to log on when the user has two accounts with the same Active Directory sAMAccountName attribute
Article ID: 100032111
Description
Error Message
- User receives the following error in eDP User Interface:
[#160005] Authentication failed: User id not found or password was incorrectly typed.
Please contact your Clearwell administrator for assistance
- In the catalina log, the following is recorded:
org.apache.catalina.realm.JNDIRealm getUserBySearch
INFO: username XYZ has multiple entries
Cause
eDP/Clearwell uses the login name to search AD, starting at the point defined by the customer setting "esa.ldap.userBase". AD searches the defined userBase and all child domains below it.
A matching sAMAccountName is used with the password to obtain a Kerberos ticket that allows the login to proceed. When AD returns multiple entries for the same sAMAccountName, eDP will not allow the logon to proceed.
Resolution
Manually create a local user account for the affected user, or use sAMAccountName values that are unique forest-wide.
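To find which directory entries collide for a rejected login, the following added example (not part of the original article or the product) extracts the usernames from the catalina "has multiple entries" messages and groups a directory export by sAMAccountName within the userBase subtree. The log lines, DNs, account names and the userBase value are constructed sample data, and the export format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the article): catalina log excerpt and
# an export of (distinguishedName, sAMAccountName) pairs from the forest.
CATALINA_LOG = """\
org.apache.catalina.realm.JNDIRealm getUserBySearch
INFO: username jdoe has multiple entries
org.apache.catalina.realm.JNDIRealm getUserBySearch
INFO: username jdoe has multiple entries
"""
DIRECTORY_EXPORT = [
    ("CN=John Doe,OU=Legal,DC=corp,DC=example,DC=com", "jdoe"),
    ("CN=Jane Doe,OU=Staff,DC=emea,DC=corp,DC=example,DC=com", "JDoe"),
    ("CN=Al Smith,OU=Staff,DC=corp,DC=example,DC=com", "asmith"),
    ("CN=Ann Smith,OU=Staff,DC=other,DC=example,DC=net", "asmith"),
    ("CN=Bob Ray,OU=Legal,DC=corp,DC=example,DC=com", "bray"),
]
USER_BASE = "DC=corp,DC=example,DC=com"  # assumed esa.ldap.userBase value

MULTI = re.compile(r"INFO: username (\S+) has multiple entries")

def affected_users(log_text):
    """Unique login names rejected because the search returned several entries."""
    return sorted({m.group(1).lower() for m in MULTI.finditer(log_text)})

def in_subtree(dn, base):
    """True if dn is the base itself or sits below it (child domains included)."""
    dn, base = (s.lower().replace(", ", ",") for s in (dn, base))
    return dn == base or dn.endswith("," + base)

def collisions(entries, base):
    """Map sAMAccountName -> DNs for names found more than once under base."""
    by_name = defaultdict(list)
    for dn, sam in entries:
        if in_subtree(dn, base):
            by_name[sam.lower()].append(dn)  # AD matches this attribute case-insensitively
    return {name: dns for name, dns in by_name.items() if len(dns) > 1}

def triage(log_text, entries, base):
    """For each rejected login, list the colliding DNs inside the search scope."""
    dup = collisions(entries, base)
    return {user: dup.get(user, []) for user in affected_users(log_text)}

if __name__ == "__main__":
    for user, dns in triage(CATALINA_LOG, DIRECTORY_EXPORT, USER_BASE).items():
        print(user, "->", dns or "no collision under userBase in this export")
```

In the sample, jdoe collides because the second entry lives in a child domain below the userBase, while asmith does not because its second entry is outside the searched subtree.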
Issue/Introduction
The user is unable to log in using LDAP (Lightweight Directory Access Protocol) when multiple accounts in the Active Directory (AD) forest exist with the same sAMAccountName.