Secure Global Desktop Administration Guide > Users and authentication > An "Ambiguous username" dialog is displayed when a user tries to log in

An "Ambiguous username" dialog is displayed when a user tries to log in

This dialog is displayed only for users who share person object attributes and also have the same password.

To prevent the ambiguous username dialog being displayed:

Cause

A user logs in by typing either their name, username or email address into the username box, followed by their password. For example, user Indigo Jones might type Indigo Jones, indigo or indigo@indigo-insurance.com into the username box.

The ENS login authority, or LDAP login authority, then searches the ENS, or LDAP, database for a person object with a name attribute matching the text the user typed. If the search is unsuccessful, the database is searched for a person object with a username attribute matching the text the user entered. If this search is unsuccessful, a matching email address attribute is looked for.

If only one matching person object is found and the correct password has been entered, the user is logged in.

If more than one person object matches, there is the possibility of an ambiguous login. Secure Global Desktop then checks the password against the person objects sharing the entered attribute.

If the password matches only one person object, the user is logged in.

If the password matches more than one person object, the ambiguous username dialog is displayed. The user is then asked to provide one of the two attributes not originally entered, to help resolve the ambiguity.

If this information fails to resolve the ambiguity, that is, two attributes and the password are shared by more than one person object, the user is asked for the remaining attribute.

If this fails to resolve the ambiguity the login fails.

Related topics