LDAP Contextless login returns duplicate entries

  • 3967352
  • 23-Apr-2007
  • 27-Apr-2012


Novell Client for Windows 2000/XP/2003 4.91 Login
Novell Client for Windows 2000/XP/2003 4.91
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2


Novell Client Login LDAP contextless Login is configured with multiple contexts to search with Search Context and Subtree option enabled.
A context searched first is also contained within the subtree of a higher context that is listed later in the search list.
Duplicate entries of the same user and context are presented to the user to select from to continue the login process


Fixed in the post-Novell Client 4.91 SP3 update of LGNCXW32.DLL dated 07Feb2007 or later.

Additional Information

steps to duplicate

Setup a Tree with a lower level context that holds the user for testing:


Enter the two contexts to search for in the Contextless login configuration with Search context and Subtree for both entries:


Enter the user name of TestUser into the login dialog and a dialog with two entries of:


will be presented for the user has to select from to be able to continue with a login.

background for configuration

In this customer situation, the two (or multiple) context entries are required to properly support roaming users as well as situations where the WAN link to the site has failed for any reason. Some links are through low speed high latency Satelight links. Those sites have only local replicas to reduce the amount of replication across the WAN link. When the WAN link is down, local users are not able to login with just a level O=Novell search context setting. It requires the local OU=Site.OU=Region.O=Novell to be searched for a successfull login to the local resources. In the situations where the WAN link is down and roaming users are present, then it will be acceptable for the roaming user to be unable to login. This configuration has to support roaming users from many sites and having to enter some many distinct entries for each site greatly increases the number of LDAP search requests.