Help

LDAP (AD) JSS Username length

rrouleau
Contributor

Posted on ‎12-10-2014 11:46 AM

Does there happen to be a minimum username length for a JSS user to log into/use the Jamf web console?
Our users are pulled from our LDAP (really AD), and no other user seems to have issue with privileges except for one of our users, that has 4 letters in their username.

This user can log in but does not receive any of the privileges assigned.

I also created the same user as a local user in the JSS, but again was not allowed privileges. For testing purposes, I added 1234 behind the username with no other changes to the user (privilege-wise) and everything worked flawlessly. I then deleted the 1234 and again no privileges were given to the user.

Please advise and thanks in advance.

0 Kudos
7 REPLIES 7

mm2270
Legendary Contributor III

Posted on ‎12-10-2014 11:52 AM

What version of the JSS? I just created a test local JSS account on our 9.61 server called "test" so 4 character length name, like in your case. I can login and see everything privilege wise. But, I also assigned it full admin privileges. I can try knocking it down to one of the pre-defined privilege sets and see if there is a difference.

Are there any odd characters in the username that could be causing an issue?

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎12-10-2014 11:56 AM

@rrouleau, we have multiple users with 4 letter AD usernames, they can login fine.

0 Kudos

rrouleau
Contributor

Posted on ‎12-10-2014 12:01 PM

Sorry I should have posted that... I am using version 9.62

There are no special characters in the name...

If others have no issues with users with 4 characters in their name, it must be something unique to this username. I even deleted the LDAP user in JSS and created the same username as a standard user (local) and had the same issue. FWIW, This user is not an admin.

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎12-10-2014 12:04 PM

That is really weird. The test user I created doesn't match anything in our AD that I know of, but even dropping the privilege set down to something custom was OK. I could still log in and see what was assigned to it.
Have you tried creating any local JSS account with 4 characters in it as a test and see if it works, like my "test" example for instance?
I'm not sure what could be going on there. Maybe open a support ticket with JAMF? Or, is this a new defect in 9.62 I wonder? We're not on it yet...

0 Kudos

rrouleau
Contributor

Posted on ‎12-10-2014 12:10 PM

@mm2270 - I just created a local 4 character username and assigned privileges. No issues on login, which lends me to believe this is only affecting the username in question. I am going to open a ticket

0 Kudos

calumhunter
Valued Contributor

Posted on ‎12-10-2014 02:29 PM

@rrouleau
special characters in the username or password?
i thought i saw a post somewhere the other day that there might be issues with certain characters like ! in a password that prevents login

0 Kudos

chuck3000
Contributor

Posted on ‎01-28-2016 02:57 PM

I'm having an issue where a user, logged in to Self Service with his LDAP credentials, sees different things if he logs in with his full name (name longer than xx characters), versus logging in with his shortened name. BOTH allow him access, yet he sees different Self Service items depending on which way he logs in.

His name is first.last, and 11 characters dot 8 characters - or a total of 20 characters (with the period).
Yet, if he logs in with first.shortenedlast, 11 characters dot 7 characters - or a total of 19 characters, he sees what we'd expect him to see.

I guess I would say this is a bug, since parts of the ldap authentication system allows him to log in with the shortened name or full name, but SS displays different things to each.

Has anybody seen this behavior?

0 Kudos