Specific users are unable to login to Spectrum through LDAP.
Enabling SSORB debug in OneClick, we can see error messages similar to the following under Tomcat log file (catalina.out for Linux/Unix or stdout.log file for Windows environment):
(http-bio-8443-exec-58) (SecuritySP) - Authenticating user with external directory server: spectrum
(http-bio-8443-exec-58) (SecuritySP) - Getting user by search: sAMAccountName=spectrum
(http-bio-8443-exec-58) (SecuritySP) - Username spectrumhas multiple entries
As Spectrum is integrated with Active directory, it will query AD for ALL logins being done at Spectrum console (even if user does not exist in AD).
As defined in the OneClick configuration integration page, it is configured with sAMAccountName={0} as login name pattern for searching users in Active directory.
This means that Spectrum will search for this user attribute to locate users:
(http-bio-8443-exec-58) (SecuritySP) - Getting user by search: sAMAccountName=spectrum
The string "Username spectrum has multiple entries" indicates that the "sAMAccountname" attribute for the user account in Active Directory is duplicated, and this attribute is supposed to be unique:
(http-bio-8443-exec-58) (SecuritySP) - Username spectrum has multiple entries
Run a search on the Active Directory and eliminate the duplicates.