Hey guys,
We had or have the same issue. FYI, Our IDAM path for OOD is convoluted, ie. AD creds with IPA, sssd, pwath and a module in Apache (cannot remember it’s name) and some users were created in AD by central IT with spaces in their name. 
In our case (a few years ago) to fix the usernames up the unix team had to remap usernames in IPA to short names so the user now has a long username from AD and a short name and unix UID for Linux.
They can SSH into hosts with either of the usernames so long as the username has no spaces in it, not so with OOD as we get the same error you reported if they use the long name.
Have not had time to figure it out as I am very new to OOD but I would be looking in code for usage of “getent” and “Id” calls intermixed against the users username in OOD code in the first instance. I think these commands return diff results in some cases like ours.
From our end we get around it by telling users to login with their short Linux username and it works
I.e jdoyle rather than “doyle john” or “cpeters” rather than “peterschris” . How are you validating user auth when users login to OOD.
Writing from the train on my mobile, apologies if this sounds a bit confusing.
Chris