It's all about the answers!

Ask a question

ADMIN account disabled but still enabled if you login with a incorrectly cased username


Olly Brand (162) | asked Oct 14 '14, 8:40 a.m.
Since upgrading from CLM 4.0.6 to 5.0.1 users are able to log in as ADMIN if they incorrectly enter the case of their username. We're using LDAP and Tomcat so we have to use case sensitive usernames. If a user mistakenly enters a differing case, instead of an error, they are logged in as ADMIN.

I think this might be a bug but before I raise it has anyone seen similar / is there anything I can try?

The team.properties has the line com.ibm.team.repository.ws.allow.admin.access=false

This wasn't happening in 4.0.6.

ADMIN and ADMIN doesn't work, nor does logging in with anything other than the correct case username and password (works as expected) or the incorrect case and correct password (logs you in as ADMIN).

Any thoughts / ideas? Anyone seen similar?

So far I've re-setup the LDAP and copied the config files + tripple checked ADMIN is set to false. All to no avail.

Comments
Ralph Schoon commented Oct 14 '14, 11:19 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I would consider this serious. I'd suggest to get into contact with support.

One answer



permanent link
Olly Brand (162) | answered Oct 16 '14, 3:28 a.m.

Your answer


Register or to post your answer.