Description of problem: login using same user name but with white space in the string are mapped to different uid. i.e. "user" " user" and "user " are mapped to different uid. Version-Release number of selected component (if applicable): # oc version oc v1.1.3-32-g5ab601a kubernetes v1.2.0-alpha.7-703-gbc4550d How reproducible: Always Steps to Reproduce: 1. Use AllowAllPasswordIdentityProvider for identityProviders in the master-config 2. Login using same user name, but with white space in leading or tailing of the string 3. After login successful, `oc get user` by cluster-admin Actual results: There are 3 different users and UIDs, "xiaocwan", " xiaocwan" and "xiaocwan " as below # oc get user NAME UID FULL NAME IDENTITIES xiaocwan bd7a6388-d604-11e5-8f9d-fa163eca4dd1 my_allow_provider: xiaocwan xiaocwan e01a3b97-d540-11e5-9879-fa163eca4dd1 xiaocwan LDAPauth:uid=xiaocwan,ou=People,dc=my-domain,dc=com xiaocwan 64bee42e-d606-11e5-8048-fa163eca4dd1 my_allow_provider:xiaocwan my_allow_provider:xiaocwan Expected results: There should be one unique user name and uid which stripped white space Additional info:
The current behavior is actually more correct in the general case... OpenShift should not make assumptions about what the identity provider considers significant in its usernames. The AllowAllPasswordIdentityProvider is likely to be the only identity provider this is an issue for. - HTPasswd requires an exact match between the entered username and the user - LDAP reads the preferred username from an LDAP attribute, which normalizes it - BasicAuth reads the preferred username from the remote response, which normalizes it - RequestHeader reads the username from a request header, not what the user entered
Fixed in https://github.com/openshift/origin/pull/7425
This is not reproduced on devenv-rhel7_3500 Login with white space in user name as the trimmed user, there is only one user and user id is unique. oc v1.1.3-170-g14b50fd kubernetes v1.2.0-alpha.7-703-gbc4550d