Hello, a new problem with an OUCS 7u2 (unpatched) installation.
This may be a case of "my bad", or may be a known issue (perhaps fixed in a later release) and would ring a bell?
Our test users have several LDAP attributes by which they can be identified for login, including uid, employeenumber, mail, mailEquivalentAddress, mailAlternateAddress, and as far as I see, I did configure all programs with web-interfaced access (IWC, davserver, jiss, iim) to accept these as part of ugldap search filter. For the mail attributes we match the user-provided string as a full mail address or as a "base" for the mail addresses at our domains, i.e. "%s@*" or %s@domain.name).
While these users can login properly into Convergence with any of these login strings, some functionality (messenger widget coming online, attachment folder not displaying) only seems to work, reliably and repeatably at least, when the login string is either the value of mail attribute, or is uid@domain.name - this does not even have to be the value of the mail attribute (although this string is one of the aliases, and by chance matches the icsCalendar LDAP attribute value - it is not in the login filter, and the WCAP logins often show the default "mail" value as the calendar account name). Any other valid strings, from the short UID to other mail aliases to the user identifiers in the mail addresses (characters before the "@" even if they are not a value of any other attribute), usually lead to the messenger remaining in the "Connecting..." stage forever, and sometimes to errors contacting the JISS server for attachments (though after last night's reconfiguration of LDAP filters across the test server, I can't reproduce this one issue anymore).
Off the top of my head, it seems that Convergence may pass the originally provided user identifier (instead of determined uid or some other attribute) to SSO-login into other components. Apparently, (maybe due to my typos, or not) some components don't like these strings as login identifiers... I didn't see any complaints in the appserver or convergence or component logs, however.
Perhaps I'm just missing something simple...
Any ideas?
Thanks