ClearTrust Authorization Server 5.5.3 Win 2003 Server, using an IIS 6.0 webserver and any cleartrust or AXM agent for IIS
Microsoft SharePoint cleartrust.data.ldap.user.attributemap.windowsupn :userPrincipalName
RSA ClearTrust 5.5.3 - SharePoint and the UPN Dynamic Creation Feature Some users of SharePoint receiving a 401 Unauthorized Error
The failing users had no UPN set in the Active Directory datastore. The ClearTrust UPN Dynamic Creation Feature failed when it attempted to dynamically create the UPN from the SAMAccountName and the user DN.
Contact Customer Support and request RSA ClearTrust Server Hotfix 18.104.22.168 (Build 2654) (26/09/2008) or later.
This feature is outlined on page 105 of the ClearTrust 5.3.3 Installation and Configuration Guide. "If you use the Attribute Lookup method to obtain UPNs, and if your users are stored in Active Directory, Access Manager provides a Dynamic Creation feature that allows the system to handle users without UPNs. When Access Manager encounters a user without a UPN, it generates the UPN from the user?s SAMAccountName and DN data. This is useful in cases where the UPN does not exist for some or all users. For example, in some environments UPNs are not exported to the Global Catalog".