Hello,

We have a rather peculiar issue. We have our SLES (non OES) servers setup to use LDAP authentication against our eDirectory tree, for SSH. We have configured the systems so that only the IT OU is allowed to authenticate via LDAP on these servers.

The issue is that if the username starts with an S, the person is not able to authenticate. Accounts that begin with any other letter have no issue authenticating. I've been able to recreate this with three different accounts and even found the same issue on an old SLES 11.3.

Something I have noticed in the messages log is that when an account is successful, the log entries start as follows:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=boba

When the account starts with an S, the log entry starting line does not include the user=...:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx

Has anybody run into anything like this?