<div dir="ltr">I have seen a very weird issue with only 1 or 2 users in an enterprise with close to 2,000 users.<div><br></div><div>For some reason, if you login with your JID, Jabber checks for your mail alias as a user ID first, and if none found, reverts back to the JID. I might be explaining the process technically incorrect, but that's the gist of it.</div><div><br></div><div>Why is this a problem? Well, if your email alias matches another user's JID, then you cannot login.</div><div><br></div><div><b>Logs when your email alias matches someone else's JID (Keep in mind aholloway is my email alias and my JID is 45633):</b></div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><span style="font-family:monospace,monospace">12:24:30.333 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB (userid) query successful: [SELECT pkid, userid FROM validendusers WHERE userid='aholloway';]</span><br></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><span style="font-family:monospace,monospace">12:24:30.333 | error| TokenAuthUtils::executeUserFromIMaddressQuery: </span><span style="font-family:monospace,monospace;background-color:rgb(244,204,204)">imaddress and userid queries returned conflicting rows. Returning error</span></div></div></div><div><br></div><div><b>Logs when your email alias does not match someone else's JID (aholloway is email alias and JID is 45633):</b></div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><div><span style="font-family:monospace,monospace">11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB (userid) query successful: [SELECT pkid, userid FROM validendusers WHERE userid='aholloway';]</span><br></div></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><div><font face="monospace, monospace">11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: <span style="background-color:rgb(217,234,211)">imaddress query returned row but not userid.</span></font></div></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><div><font face="monospace, monospace">11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: <span style="background-color:rgb(217,234,211)">userid set as [45633]</span></font></div></div></div></div><div><br></div><div>The environment was using employee numbers as User IDs for employees, while using First Initial + Last Name (aholloway) for contractors. So, if user Andrew Holloway, with email <a href="mailto:aholloway@company.com">aholloway@company.com</a>, and with employee ID 1234 logged into jabber with 1234 as their JID, Jabber would look up aholloway in that SQL query you see up above, and find the contractor Anthony Holloway with email <a href="mailto:aholloway2@company.com">aholloway2@company.com</a> and user ID aholloway. Boom. Login failed.</div><div><br></div><div>Do I agree with any of that? Nope. But, it happens.</div><div><br></div><div>For what it's worth, they're using flexible JID, by using Directory URI as the IM Address scheme, which we sync from AD mail attribute.</div><br><div class="gmail_quote"><div dir="ltr">On Thu, Oct 19, 2017 at 11:15 AM Florian Kroessbacher <<a href="mailto:florian.kroessbacher@gmail.com">florian.kroessbacher@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div name="messageBodySection">Maby your IM and Prsence server are out of sync, and the user getd no one time password</div>
<div name="messageSignatureSection"><br>
<p style="color:rgb(0,0,0);font-family:-webkit-standard;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;margin:0px 0px 10px"><span style="font-weight:bold;background-color:rgba(255,255,255,0)"><font face="-webkit-standard" size="3">--</font></span></p>
<p style="color:rgb(0,0,0);font-family:-webkit-standard;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;margin:0px 0px 10px"><span style="font-weight:bold;background-color:rgba(255,255,255,0);font-family:-webkit-standard;font-size:medium">Florian Krößbacher</span></p>
<p style="color:rgb(0,0,0);font-family:-webkit-standard;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;line-height:12px;margin-bottom:10px"><a href="mailto:florian.kroessbacher@gmail.com" style="background-color:rgba(255,255,255,0);font-family:-webkit-standard;text-decoration:none;display:inline" target="_blank">florian.kroessbacher@gmail.com</a></p>
<p style="color:rgb(0,0,0);font-family:-webkit-standard;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;line-height:0"><font color="#000000" face="-webkit-standard" size="3"><span style="background-color:rgba(255,255,255,0)"><a href="https://twitter.com/flohATinnsbruck" style="text-decoration:none;display:inline" target="_blank"><img src="https://s3.amazonaws.com/htmlsig-assets/grey/twitter.png" alt=" " height="16" width="16" style="margin-bottom:2px;border:medium none;display:inline"></a> <a href="https://plus.google.com/+FlorianKroessbacher" style="text-decoration:none;display:inline" target="_blank"><img src="https://s3.amazonaws.com/htmlsig-assets/grey/googleplus.png" alt=" " height="16" width="16" style="margin-bottom:2px;border:medium none;display:inline"></a> <a href="https://www.linkedin.com/in/florian-kroessbacher-5a29a832?" style="text-decoration:none;display:inline" target="_blank"><img src="https://s3.amazonaws.com/htmlsig-assets/grey/linkedin.png" alt=" " height="16" width="16" style="margin-bottom:2px;border:medium none;display:inline"></a></span></font></p>
</div></div><div>
<div name="messageReplySection"><br>
Am 19. Okt. 2017, 18:11 +0200 schrieb <a href="mailto:norm.nicholson@kitchener.ca" target="_blank">norm.nicholson@kitchener.ca</a>:<br>
<blockquote type="cite">
<div class="m_-857060294751716266WordSection1">
<p class="MsoNormal">I have a user getting this error:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"></p><img src="cid:15f35cdf0474cff311" alt="image001.png" class="" style="max-width: 100%;"><p></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">And she is the only Jabber user getting it. I have reset everything associated with the CSF but no joy.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Any assistance would be appreciated</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><b><span style="color:#00b050">Norm Nicholson</span></b></p>
<p class="MsoNormal"><b><span style="color:#00b050">Telecom Analyst</span></b></p>
<p class="MsoNormal"><b><span style="color:#00b050">City of Kitchener</span></b></p>
<p class="MsoNormal"><b><span style="color:#00b050"><a dir="ltr" href="tel:(519)%20741-2200;7000" target="_blank">(519) 741-2200 x 7000</a></span></b></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
</div>
</blockquote>
</div>
</div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div></div>