Question

LDAP (AD) JSS Username length

Forum|Forum|11 years ago
December 10, 2014
7 replies
28 views

rrouleau
Contributor

Does there happen to be a minimum username length for a JSS user to log into/use the Jamf web console?
Our users are pulled from our LDAP (really AD), and no other user seems to have issue with privileges except for one of our users, that has 4 letters in their username.

This user can log in but does not receive any of the privileges assigned.

I also created the same user as a local user in the JSS, but again was not allowed privileges. For testing purposes, I added 1234 behind the username with no other changes to the user (privilege-wise) and everything worked flawlessly. I then deleted the 1234 and again no privileges were given to the user.

Please advise and thanks in advance.

+24

mm2270
Legendary Contributor
Forum|Forum|11 years ago
December 10, 2014

What version of the JSS? I just created a test local JSS account on our 9.61 server called "test" so 4 character length name, like in your case. I can login and see everything privilege wise. But, I also assigned it full admin privileges. I can try knocking it down to one of the pre-defined privilege sets and see if there is a difference.

Are there any odd characters in the username that could be causing an issue?

+35

bentoms
Hall of Fame
Forum|Forum|11 years ago
December 10, 2014

@rrouleau, we have multiple users with 4 letter AD usernames, they can login fine.

rrouleau
Author
Contributor
Forum|Forum|11 years ago
December 10, 2014

Sorry I should have posted that... I am using version 9.62

There are no special characters in the name...

If others have no issues with users with 4 characters in their name, it must be something unique to this username. I even deleted the LDAP user in JSS and created the same username as a standard user (local) and had the same issue. FWIW, This user is not an admin.

+24

mm2270
Legendary Contributor
Forum|Forum|11 years ago
December 10, 2014

That is really weird. The test user I created doesn't match anything in our AD that I know of, but even dropping the privilege set down to something custom was OK. I could still log in and see what was assigned to it.
Have you tried creating any local JSS account with 4 characters in it as a test and see if it works, like my "test" example for instance?
I'm not sure what could be going on there. Maybe open a support ticket with JAMF? Or, is this a new defect in 9.62 I wonder? We're not on it yet...

rrouleau
Author
Contributor
Forum|Forum|11 years ago
December 10, 2014

@mm2270 - I just created a local 4 character username and assigned privileges. No issues on login, which lends me to believe this is only affecting the username in question. I am going to open a ticket

+10

calumhunter
New Contributor
Forum|Forum|11 years ago
December 10, 2014

@rrouleau
special characters in the username or password?
i thought i saw a post somewhere the other day that there might be issues with certain characters like ! in a password that prevents login

+13

chuck3000
Contributor
Forum|Forum|10 years ago
January 28, 2016

I'm having an issue where a user, logged in to Self Service with his LDAP credentials, sees different things if he logs in with his full name (name longer than xx characters), versus logging in with his shortened name. BOTH allow him access, yet he sees different Self Service items depending on which way he logs in.

His name is first.last, and 11 characters dot 8 characters - or a total of 20 characters (with the period).
Yet, if he logs in with first.shortenedlast, 11 characters dot 7 characters - or a total of 19 characters, he sees what we'd expect him to see.

I guess I would say this is a bug, since parts of the ldap authentication system allows him to log in with the shortened name or full name, but SS displays different things to each.

Has anybody seen this behavior?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded