Description of problem: After creating a new user account that contains one or more uppercase letter that account is unable to login to via the webui or authenticate using the API Version-Release number of selected component (if applicable): 5.8.2.0 How reproducible: 100% Steps to Reproduce: 1. Login to the webui as 'admin' 2. Create a new user account with a username that contains at least one uppercase letter (Landon) and assign it to any of the default groups 3. Logout as admin and attempt to login as the new user Actual results: Login fails via the webui with "Invalid username or password". Authentication via the api fails also. /var/www/miq/vmdb/log/audit.log reports that authentication failed for the same username but the log entry reports it as lowercase (landon) Expected results: Authentication succeeds --OR-- the webui will not allow usernames with uppercase letters Additional info: If you edit the user account and change the letters to all lowercase then CFME will authenticate the account successfully
This bug exists on a vanilla 5.8.2.0 appliance without enabling any external authentication. May be related to fix for bug 1480654
https://github.com/ManageIQ/manageiq/pull/15904
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/7135b4304e4ae368fef5e9446065b86a32a8b3cf commit 7135b4304e4ae368fef5e9446065b86a32a8b3cf Author: Joe VLcek <jvlcek> AuthorDate: Tue Aug 29 17:52:17 2017 -0400 Commit: Joe VLcek <jvlcek> CommitDate: Tue Aug 29 17:52:17 2017 -0400 If the userid is not found in the DB do a case insensitive search https://bugzilla.redhat.com/show_bug.cgi?id=1486041 app/models/authenticator/base.rb | 16 ++++++++++------ app/models/authenticator/database.rb | 2 +- app/models/authenticator/httpd.rb | 8 ++------ spec/models/authenticator/database_spec.rb | 27 +++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 13 deletions(-)
*** Bug 1488393 has been marked as a duplicate of this bug. ***
Amazon authentication is blocked because CFME imports the AWS IAM user id as the CFME username. The AWS IAM user id is zcapitalized and can't be modified.
(In reply to Landon LaSmith from comment #6) > Amazon authentication is blocked because CFME imports the AWS IAM user id as > the CFME username. The AWS IAM user id is zcapitalized and can't be modified. Landon, That regression is being track in BZ 1489596 which I have already posted a PR for. JoeV
*** Bug 1491198 has been marked as a duplicate of this bug. ***
Also I've tried this with just DB users as is the original intent. You can indeed create a user with mixed case ex: DBuser1 and you can log into the classic UI. (SSUI logins broken on 5.9.0.2). But you can't log in as dbuser1 which you should be able to. Assinging back to dev for investigation.
Per conversation with MattP moving back to ON_QA as by default sssd does case sensitive user matching. In order to do case insensitive with SSSD "case_sensitive = False" needs to be added to the domain section of the sssd.conf See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.3_technical_notes/sssd section: BZ#735827 JoeV
Verified on 5.9.0.4
*** Bug 1547445 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380