search cancel

LDAP Password authentication

book

Article ID: 202039

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

We are using LDAP Authentication for login management.  Our company is requiring users to use passphrases now for passwords.  It consists of 3 or more words with spaces in between.  LDAP authentication works good for 3 words with spaces in between.  However authentication does not work if the password has a space at the end (trailing space). Does the LDAP function on the Clarity side "trim" the trailing space when sending the password the LDAP server?

Environment

CLARITY APPLICATION

Resolution

When integrate LDAP Server for Clarity login management, if the LDAP password has a space at the end the Classic login process trims the trailing space and authentication fails. While the user goes to New UX \pm and enters the same password with a space at the end the authentication works.

STEPS TO REPRODUCE
(In an LDAP enabled Clarity environment where the “External Authentication” option is checked/appears on the Resource Properties page for the Clarity user)
1) From the LDAP server reset the Clarity user's password with a space at the end.
2) Using the LDAP server password from step 1 login under the Clarity Classic /niku
3) Try same password under the Clarity New UX /pm

Expected Results: If a user login password is entered correctly in Classic it should authenticate the user.
Actual Results: Under /niku, a user enters the password with space at the end and the authentication fails and the following error appears in the UI: CMN-01002: User name or password is invalid or account is locked. Note that passwords are case-sensitive. If problem continues, contact your administrator, and application gives an error in the app-ca.log: ERROR 2020-10-22 17:07:04,594 [http-nio-80-exec-22] directory.LDAPDirectoryService (clarity:unknown:none:security.loginAction) 
Authentication failed for::CN=Test User3,OU=Global_Users,DC=mikedtest01,DC=net::due to this reason::[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
But go to New UX /pm login process, when a user enters the same password with a space at the end, the user gets successfully authenticated, no error in UI or logs.

Workaround: If using the Classic interface only do not set the LDAP password with a space at the end.

This issue was reproduced in test and under review as a defect.

Additional Information

Does Clarify support passwords with space at the end (trailing space)?
https://knowledge.broadcom.com/external/article?articleId=200129