Bug 586435

Summary: Request case sensitive/insensitive option for LDAP Configuration
Product: [Other] RHQ Project Reporter: dsteigne
Component: ConfigurationAssignee: Simeon Pinder <spinder>
Status: CLOSED CURRENTRELEASE QA Contact: Satish Mohan <smohan>
Severity: medium Docs Contact:
Priority: low    
Version: 1.3.1CC: smohan, spinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-12 16:46:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 577267, 578348    

Description dsteigne 2010-04-27 15:00:59 UTC 
Description of problem:
 
My client has their JON setup to authenticate against an MS Active Directory.  Their AD server is configured for case insensitive user accounts (u123 & U123 are the same).  When a user attempts to login with the alternate capitalization, then they are prompted to register another JON account.

There should be an option for JON accounts to be case insensitive to match the LDAP server's configuration.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Simeon Pinder 2010-04-30 13:23:57 UTC 
I have reproduced this and found that this has been a reported problem for a while.  See http://jira.rhq-project.org/browse/RHQ-2281 for earlier reported bug on this.

The problem can be summarized as follows:
In RHQ both 'username' and 'password' fields are case sensitive. For ldap the 'userid' field which maps to RHQ 'username' is case insensitive by default and has been that way for LDAP for a while. See excerpt below:  

------------ LDAP SCHEMA EXCERPT------------------------------------
#
# Derived from RFC1274, but with new "short names"
#
attributetype ( 0.9.2342.19200300.100.1.1
   NAME ( 'uid' 'userid' )
   DESC 'RFC1274: user identifier'
   EQUALITY caseIgnoreMatch
   SUBSTR caseIgnoreSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
------------ LDAP SCHEMA EXCERPT------------------------------------

Solution: The solution is not to make usernames case insensitive throughout RHQ, but to modify the LDAP RHQ integration code to ignore case when LDAP logins are occurring.  This means that when an ldap user logs in now with "Test.User" but they have already logged in as "test.user" before, the code will locate the previous RHQ account, log the occurrence and attempt to login again with those same credentials.

This has been fixed in master builds >= 272, with 

git commit hash: 14371b8ab9271598d798b32f236a4fed586ff491

To test:
Login with ldap username "test.user" and register.
Login agin with ldap username "TEST.user". You login name should be test.user and not require you to login as a new RHQ user.
Comment 2 gneelaka@redhat.com 2010-05-03 14:16:42 UTC 
verified #123 Revision 10615

1)Login to rhq as LDAP user test.
2)register the user in RHQ.
3)Logout and login LDAP user with below combinations

a)Test
b)TEST
c)tesT


observation: Login is successful without being asked for another registration for all the combinations.
Comment 4 Corey Welton 2010-08-12 16:46:04 UTC 
Mass-closure of verified bugs against JON.