Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Version 8.0.0-671 issue

Just a FYI that after installing 8.0.0-671 on C670s I ran into an issue where it does not support userIDs longer than 16 characters.  This was allowed in previous versions as I have admins that use LDAP authentication with usesrIDs longer than 16 characters.

So far I find nothing in the documentation indicating that this is changing.

I've created local accounts for these users as a work around.

Just a FYI.

Capture.PNG

9 REPLIES

Version 8.0.0-671 issue

Hey Jason,

8.0.0 is still FCS, so they're still working on it... did you file a TAC case and get a bug number?

Ken

New Member

Version 8.0.0-671 issue

I have not filed a case on it.

Cisco Employee

Version 8.0.0-671 issue

Hi Guys,

This is by design. This limitation actually existed also in earlier versions, but there was no explicit message in GUI, which was added in 8.0.0 version.

There was defect CSCzv27500 where it was noticed quite some time ago that CLI cannot handle external users with username longer than 16 characters. GUI could, but in certain conditions. As it's consider that 16 characters for username should be more than enough for most of customers, our engineering decided to keep this limitation for GUI and for CLI in all circumstances and to add warning message to lower the number of characters for usernames in case it's higher than 16.

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

Version 8.0.0-671 issue

Well that is unfortunate, we have an admin that has a Active Directory user name longer than 16 characters. 

Is creating a local account for these users the only work around?

Will this impact Active Directory tied SPAM Quarantine access on M670s?   I have 18k users that login to my appliance that way and guessing a few hundred with names longer than 16 characters.

Cisco Employee

Version 8.0.0-671 issue

Hi,

I would say an AD user or local acount with less characters.

I haven't test it for SPAM quarantine on the SMA honestly.

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

Version 8.0.0-671 issue

I too have this issue. 

This is a bit disapointing.  We have numerous admins at different levels and everythign is tied to AD/LDAP.  How is it even acceptable to allow only 16 characters? 

We have nearly 20K users in the SPAM Quarantine and any update on functionality here would be great.

And if it does not effect quarantine, then there is inconsistancey there.

New Member

Version 8.0.0-671 issue

On our M670 now running 8.1.1-013 the user name limit does not affect users logging into the SPAM quarantine via a LDAP authentication.   I have a user with a 17 character AD login and can login to SPAM quarantine successfully.

However, this same user is also an IronPort administrator and cannot login to the administrative GUI with this same account.

Cisco Employee

Version 8.0.0-671 issue

Jason,

I have seen this fix the issue:

Symptoms

External Authentication (GUI admin access) worked before upgrading to 8.0

Solution:

  1. Navigate to: GUI>System Administration>LDAP
  2. Open your LDAP profile
  3. Under LDAP Server Settings > Server type, explicitly define your server type i.e. "Active Directory" or "OpenLDAP"
  4. Submit
  5. Commit Changes

hope this helps!

New Member

Version 8.0.0-671 issue

Appreciate the input but my LDAP configuration is already set to type Active Directory, which is what I'm connecting to.

1168
Views
0
Helpful
9
Replies
CreatePlease to create content