Bug 535603 (RHQ-2281)

Summary: LDAP case insensitive authentication may lead to unwanted users
Product: [Other] RHQ Project Reporter: Jay Shaughnessy <jshaughn>
Component: UsabilityAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: spinder
Target Milestone: ---Keywords: FutureFeature, Improvement
Target Release: ---   
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-2281
Whiteboard:
Fixed In Version: 2.4 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
LDAP
Last Closed: 2011-05-13 18:53:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jay Shaughnessy 2009-07-30 18:07:00 UTC 
LDAP authentication may be case insensitive whereas jon usernames are case sesnsitive.   So, a single LDAP username, say 'user1' may pass a login check for 'user1', 'User1', 'USER1', etc.  But, each of these variations will look like a different user to RHQ and each will ask to be registered separately upon successful LDAP authentication.

Perhaps for LDAP we should allow only one case-specific entry.  Meaning, if we invoke LDAP authentication, and it succeeds, check the RHQ db for the username in a case-insensitive way.  If there is a match, change the entered username to the existing entry and continue with the session.
Comment 1 Red Hat Bugzilla 2009-11-10 21:01:24 UTC 
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-2281
Comment 2 wes hayutin 2010-02-16 17:08:18 UTC 
mass add of key word FutureFeature to help track
Comment 3 Simeon Pinder 2010-11-02 17:41:26 UTC 
This issue should be closed. Is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=586435 which was already addressed/closed.
Comment 4 Simeon Pinder 2011-05-13 18:53:38 UTC 
Closing as has already been addressed.