Article Number
000013755
Applies To
ClearTrust Authorization Server 5.5.3
Win 2003 Server, using an IIS 6.0 webserver and any cleartrust or AXM agent for IIS
Microsoft SharePoint
cleartrust.data.ldap.user.attributemap.windowsupn :userPrincipalName
Issue
RSA ClearTrust 5.5.3 - SharePoint and the UPN Dynamic Creation Feature
Some users of SharePoint receiving a 401 Unauthorized Error
Cause
The failing users had no UPN set in the Active Directory datastore. The ClearTrust UPN Dynamic Creation Feature failed when it attempted to dynamically create the UPN from the SAMAccountName and the user DN.
Resolution
Contact Customer Support and request RSA ClearTrust Server Hotfix 5.5.3.160 (Build 2654) (26/09/2008) or later.
Notes
This feature is outlined on page 105 of the ClearTrust 5.3.3 Installation and Configuration Guide. "If you use the Attribute Lookup method to obtain UPNs, and if your users are stored in Active Directory, Access Manager provides a Dynamic Creation feature that allows the system to handle users without UPNs. When Access Manager encounters a user without a UPN, it generates the UPN from the user?s SAMAccountName and DN data. This is useful in cases where the UPN does not exist for some or all users. For example, in some environments UPNs are not exported to the Global Catalog".
