Description of problem: If the user enters his username with different registers of letters, the user is duplicated in the CFME UI. The screenshot in the attachment. The screenshot in the attachment. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I think this is fixed in upstream , if I try to add a new user with different capital username, but same fullname , I get a message "Userid is not unique within region 0"
Seems similar to: https://bugzilla.redhat.com/show_bug.cgi?id=1424618
Gellert, I have tried but I am not able to reproduce this. An easy work around is to have the users login with the same spelling, with matching case, each time. To help me diagnose what is going wrong please provide: - a screenshot of the Configuration/Authentication page. - Please tar up and attach the contents of the log directory at: /var/www/miq/vmdb/log - Please attach the file /etc/sssd/sssd.conf Thank you, JoeV
Gellert, Please also confirm the CFME version where the failure is observed. Thank you, JoeV
https://github.com/ManageIQ/manageiq/pull/15716
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/88a312c28a8825624bcfed14a1c0ea67edbe9518 commit 88a312c28a8825624bcfed14a1c0ea67edbe9518 Author: Joe VLcek <jvlcek> AuthorDate: Wed Aug 2 17:30:37 2017 -0400 Commit: Joe VLcek <jvlcek> CommitDate: Wed Aug 2 18:17:00 2017 -0400 Normalize the username entered at login to lowercase LDAP does a case sensitive match of the user name but AD will do a case insensitive match. By normalizing the userid to lowercase when using external auth both backed to either an LDAP directory or AD both will authenticate but only one DB record, in all lowercase, will be created, even if the user attempted to login with a mixed case username when backed to AD. https://bugzilla.redhat.com/show_bug.cgi?id=1448787 app/models/authenticator/base.rb | 2 +- spec/models/authenticator/httpd_spec.rb | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-)
New commit detected on ManageIQ/manageiq/fine: https://github.com/ManageIQ/manageiq/commit/344df3acf370e5f852bfd4772b4b67dcc2649d69 commit 344df3acf370e5f852bfd4772b4b67dcc2649d69 Author: Joe VLcek <jvlcek> AuthorDate: Wed Aug 2 17:30:37 2017 -0400 Commit: Joe VLcek <jvlcek> CommitDate: Fri Aug 11 13:27:17 2017 -0400 Normalize the username entered at login to lowercase https://bugzilla.redhat.com/show_bug.cgi?id=1480654 This is a cherry pick from 88a312c28a The cherry pick was not clean and had to be finished manually due to layout change of affected files. LDAP does a case sensitive match of the user name but AD will do a case insensitive match. By normalizing the userid to lowercase when using external auth both backed to either an LDAP directory or AD both will authenticate but only one DB record, in all lowercase, will be created, even if the user attempted to login with a mixed case username when backed to AD. https://bugzilla.redhat.com/show_bug.cgi?id=1448787 app/models/authenticator.rb | 10 ++++++-- spec/models/authenticator/httpd_spec.rb | 44 +++++++++++++++++++++++++++------ 2 files changed, 44 insertions(+), 10 deletions(-)
Works in MIQLDAP - AD Will test external auth as well
Please pay attention about updates. Installations can have already populated database by uppercased userid. After update users will not able to login.
(In reply to ITD27M01 from comment #30) > Please pay attention about updates. Installations can have already populated > database by uppercased userid. After update users will not able to login. We do our best to avoid this but there are unfortunately some conditions where users will need to user the CFME UI to remove unneeded users.
Bad things because there is automation methods that related to userid. As an example VM retirement emails: https://github.com/ManageIQ/manageiq-content/blob/fine/content/automate/ManageIQ/Cloud/VM/Retirement/Email.class/__methods__/vm_retirement_emails.rb#L43
My be you can create SQL procedure to update vmdb and switch userid to downcase ? ~~~~~~~~~~~~~~~~~~~~~~~ vmdb_production=# select id,name,userid from users where userid='Igor.Tiunov'; id | name | userid -----+--------------+------------- 109 | Tiunov, Igor | Igor.Tiunov ~~~~~~~~~~~~~~~~~~~~~~~
(In reply to ITD27M01 from comment #33) > My be you can create SQL procedure to update vmdb and switch userid to > downcase ? > > ~~~~~~~~~~~~~~~~~~~~~~~ > vmdb_production=# select id,name,userid from users where > userid='Igor.Tiunov'; > id | name | userid > -----+--------------+------------- > 109 | Tiunov, Igor | Igor.Tiunov > ~~~~~~~~~~~~~~~~~~~~~~~ Yes we do downcase the userid The issue is what if the following already exists: userid: Bob BOb BOB If we downcase Bob to bob then we have: userid: bob BOb BOB Leaving BOb and BOB, which would be unused and need to be manually cleaned up by the administrator. I don't want to delete BOb and BOB in this case. I would rather let the administrator clean you the ones not wanted and leave the only one, which would we would auto-down-case
Now I understand you. It is what I need.
Per discussion w/MattP moving back to ON_DEV
Per conversation with MattP moving back to ON_QA as by default sssd does case sensitive user matching. In order to do case insensitive with SSSD "case_sensitive = False" needs to be added to the domain section of the sssd.conf See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.3_technical_notes/sssd section: BZ#735827 JoeV
Verified: 5.9.0.17