[xwiki-users] LDAP auth and username case

Stéphane Laurière slauriere at ubimix.com
Thu Aug 11 09:42:47 CEST 2016


Hi all,

I have a question about case sensitivity of usernames in the context of 
an LDAP authentication. As far as I understand, LDAP directories are 
mostly case insensitive (reference: 'A note about case sensitivity in 
LDAP' [1]). XWiki usernames, however, are case sensitive. In order to 
avoid any ambiguity with usernames, we are considering to use only 
lowercase usernames. Is there a way to force XWiki to use the username 
as it is stored in the LDAP directory, case-wise?

The need seems to be marked as fixed at [2]. However, when doing tests 
with OpenLDAP, I notice the following (with XWiki 6.4.2):

   - Context: a user with uid 'aliddell' is present in the LDAP directory.
   - Logging in with username 'ALIDDELL' succeeds and a user 
'XWiki.ALIDDELL' gets created (while we'd like to get 'XWiki.aliddell').
   - Subsequent logins with other cases get bound to the existing login 
'XWiki.ALIDDELL'.

I understand that we may rewrite the username in JavaScript but that 
would work only with form-based auth. Should we write our own 
LDAPAuthService to meet the need ? Or would you have other suggestions?

   [1] http://www.zytrax.com/books/ldap/ch2/
   [2] http://jira.xwiki.org/browse/XWIKI-238

Thanks a lot,

Kind regards,

Stéphane

-- 
Stéphane Laurière
CTO OW2 www.ow2.org
+33 645 816 202 @slauriere
























More information about the users mailing list