When integrate LDAP Server for Clarity login management, if the LDAP password has a space at the end the Classic login process trims the trailing space and authentication fails. While the user goes to New UX \pm and enters the same password with a space at the end the authentication works.
STEPS TO REPRODUCE
(In an LDAP enabled Clarity environment where the “External Authentication” option is checked/appears on the Resource Properties page for the Clarity user)
1) From the LDAP server reset the Clarity user's password with a space at the end.
2) Using the LDAP server password from step 1 login under the Clarity Classic /niku
3) Try same password under the Clarity New UX /pm
Expected Results: If a user login password is entered correctly in Classic it should authenticate the user.
Actual Results: Under /niku, a user enters the password with space at the end and the authentication fails and the following error appears in the UI: CMN-01002: User name or password is invalid or account is locked. Note that passwords are case-sensitive. If problem continues, contact your administrator, and application gives an error in the app-ca.log: ERROR 2020-10-22 17:07:04,594 [http-nio-80-exec-22] directory.LDAPDirectoryService (clarity:unknown:none:security.loginAction)
Authentication failed for::CN=Test User3,OU=Global_Users,DC=test01,DC=net::due to this reason::[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
But go to New UX /pm login process, when a user enters the same password with a space at the end, the user gets successfully authenticated, no error in UI or logs.
Workaround: If using the Classic interface only do not set the LDAP password with a space at the end.
This issue was reproduced in test and under review as a defect.