Hi SAP product experts,
recently I have configured SLS 2.0 SP1 PL3 to authenticate users against LDAP Server and wanted to use a custom value as the CN instead the default USERID (e.g. sAMAccountName). Configured everything as described in the Secure Login Implementation Guide (V.1.4) chapter 4.6.1.1.2 and it worked.
Bad news is that, if the attribute used in LDAP has no or empty value I receive 500 Internal Server Error from SLS and the Client-Authenticationprofile is in locked state. 
I would suggest to improve this feature to fall back to default UERID if custom attribute has no values or is empty.
Reason: I already know some customers using the old SECUDE solution (SLS) and maintain a special value for some users in AD. The former SLS was able to ignore the attribute mapping and use the default USERID.
Thanks for feedback, maybe this can be solved by configuration?
Regards,
Carsten