We've recently been getting complaints that users are, on occasion,
getting a login failed message and having to attempt to login multiple
times even though the password they attempt to login with is correct.
Generally, I'm willing to argue that the user is simply overestimating
their ability to type accurately. However, I've gathered some
information that seems to indicate that, at least some of them, are
telling the truth.

First, one of the users was sitting with another member of the IT
department and that member had the user copy and paste their password
into the password field. On the fourth or fifth time of pasting the
same password into the password field, it accepted the login and off
they went.

Second, after enabling debug logging on the IDP for SAML2 and
Application, it seems that the login attempts that actually have an
incorrect password will show up with NIDPMAIN.1536 - login attempts that
are claimed to be failing with the correct password seem to show up with

Third, there's usually a message like the below as part of the log right
before the failure:
Method: JNDILogEventListener.accept
Thread: http-bio-ipaddress-exec-1955
Exception while attempting to create ldap connection!

Our issue looks very similar to this one:
Except: We're on NAM4.0SP1, Our user store is eDirectory on SLES, we
only have 4 search contexts

Any assistance pointing me towards other things I could look at to
troubleshoot would be helpful.

djaquays's Profile: https://forums.netiq.com/member.php?userid=2530
View this thread: https://forums.netiq.com/showthread.php?t=51414