Bug 586435 - Request case sensitive/insensitive option for LDAP Configuration
Request case sensitive/insensitive option for LDAP Configuration
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Configuration (Show other bugs)
1.3.1
All Linux
low Severity medium (vote)
: ---
: ---
Assigned To: Simeon Pinder
Satish Mohan
:
Depends On:
Blocks: jon24-ldap 578348
  Show dependency treegraph
 
Reported: 2010-04-27 11:00 EDT by dsteigne
Modified: 2010-11-02 13:37 EDT (History)
2 users (show)

See Also:
Fixed In Version: 2.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-12 12:46:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description dsteigne 2010-04-27 11:00:59 EDT
Description of problem:
 
My client has their JON setup to authenticate against an MS Active Directory.  Their AD server is configured for case insensitive user accounts (u123 & U123 are the same).  When a user attempts to login with the alternate capitalization, then they are prompted to register another JON account.

There should be an option for JON accounts to be case insensitive to match the LDAP server's configuration.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Simeon Pinder 2010-04-30 09:23:57 EDT
I have reproduced this and found that this has been a reported problem for a while.  See http://jira.rhq-project.org/browse/RHQ-2281 for earlier reported bug on this.

The problem can be summarized as follows:
In RHQ both 'username' and 'password' fields are case sensitive. For ldap the 'userid' field which maps to RHQ 'username' is case insensitive by default and has been that way for LDAP for a while. See excerpt below:  

------------ LDAP SCHEMA EXCERPT------------------------------------
#
# Derived from RFC1274, but with new "short names"
#
attributetype ( 0.9.2342.19200300.100.1.1
   NAME ( 'uid' 'userid' )
   DESC 'RFC1274: user identifier'
   EQUALITY caseIgnoreMatch
   SUBSTR caseIgnoreSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
------------ LDAP SCHEMA EXCERPT------------------------------------

Solution: The solution is not to make usernames case insensitive throughout RHQ, but to modify the LDAP RHQ integration code to ignore case when LDAP logins are occurring.  This means that when an ldap user logs in now with "Test.User" but they have already logged in as "test.user" before, the code will locate the previous RHQ account, log the occurrence and attempt to login again with those same credentials.

This has been fixed in master builds >= 272, with 

git commit hash: 14371b8ab9271598d798b32f236a4fed586ff491

To test:
Login with ldap username "test.user" and register.
Login agin with ldap username "TEST.user". You login name should be test.user and not require you to login as a new RHQ user.
Comment 2 gneelaka@redhat.com 2010-05-03 10:16:42 EDT
verified #123 Revision 10615

1)Login to rhq as LDAP user test.
2)register the user in RHQ.
3)Logout and login LDAP user with below combinations

a)Test
b)TEST
c)tesT


observation: Login is successful without being asked for another registration for all the combinations.
Comment 4 Corey Welton 2010-08-12 12:46:04 EDT
Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.