07-19-2013 09:05 AM
Just a FYI that after installing 8.0.0-671 on C670s I ran into an issue where it does not support userIDs longer than 16 characters. This was allowed in previous versions as I have admins that use LDAP authentication with usesrIDs longer than 16 characters.
So far I find nothing in the documentation indicating that this is changing.
I've created local accounts for these users as a work around.
Just a FYI.
07-19-2013 09:41 AM
Hey Jason,
8.0.0 is still FCS, so they're still working on it... did you file a TAC case and get a bug number?
Ken
07-19-2013 02:38 PM
I have not filed a case on it.
07-23-2013 04:27 PM
Hi Guys,
This is by design. This limitation actually existed also in earlier versions, but there was no explicit message in GUI, which was added in 8.0.0 version.
There was defect CSCzv27500 where it was noticed quite some time ago that CLI cannot handle external users with username longer than 16 characters. GUI could, but in certain conditions. As it's consider that 16 characters for username should be more than enough for most of customers, our engineering decided to keep this limitation for GUI and for CLI in all circumstances and to add warning message to lower the number of characters for usernames in case it's higher than 16.
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
07-25-2013 02:48 PM
Well that is unfortunate, we have an admin that has a Active Directory user name longer than 16 characters.
Is creating a local account for these users the only work around?
Will this impact Active Directory tied SPAM Quarantine access on M670s? I have 18k users that login to my appliance that way and guessing a few hundred with names longer than 16 characters.
07-25-2013 06:04 PM
Hi,
I would say an AD user or local acount with less characters.
I haven't test it for SPAM quarantine on the SMA honestly.
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
02-04-2014 07:52 AM
I too have this issue.
This is a bit disapointing. We have numerous admins at different levels and everythign is tied to AD/LDAP. How is it even acceptable to allow only 16 characters?
We have nearly 20K users in the SPAM Quarantine and any update on functionality here would be great.
And if it does not effect quarantine, then there is inconsistancey there.
02-04-2014 08:21 AM
On our M670 now running 8.1.1-013 the user name limit does not affect users logging into the SPAM quarantine via a LDAP authentication. I have a user with a 17 character AD login and can login to SPAM quarantine successfully.
However, this same user is also an IronPort administrator and cannot login to the administrative GUI with this same account.
02-10-2014 01:19 PM
Jason,
I have seen this fix the issue:
External Authentication (GUI admin access) worked before upgrading to 8.0
hope this helps!
02-12-2014 02:27 PM
Appreciate the input but my LDAP configuration is already set to type Active Directory, which is what I'm connecting to.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide