Hi Thomas, hi all,
Thomas Mortagne:
On Thu, Aug 11, 2016 at 9:42 AM, Stéphane Laurière
<slauriere(a)ubimix.com> wrote:
Hi all,
I have a question about case sensitivity of usernames in the context of an
LDAP authentication. As far as I understand, LDAP directories are mostly
case insensitive (reference: 'A note about case sensitivity in LDAP' [1]).
XWiki usernames, however, are case sensitive. In order to avoid any
ambiguity with usernames, we are considering using only lowercase
usernames. Is there a way to force XWiki to use the username as it is stored
in the LDAP directory, case-wise?
The need seems to be marked as fixed at [2]. However, when doing tests with
OpenLDAP, I notice the following (with XWiki 6.4.2):
- Context: a user with uid 'aliddell' is present in the LDAP directory.
- Logging in with username 'ALIDDELL' succeeds and a user 'XWiki.ALIDDELL'
  gets created (while we'd like to get 'XWiki.aliddell').
- Subsequent logins with other cases get bound to the existing login
  'XWiki.ALIDDELL'.
This is what http://jira.xwiki.org/browse/XWIKI-238 is about: knowing
that ALIDDELL and aliddell are the same thing, so don't create a new
user. This is done using an LDAP related object which contains the
reference lower case LDAP uid. But the XWiki user is created based on
the first login (assuming that is what the user is mostly going to use).
I see, thank you for the explanation.
I understand that we may rewrite the username in JavaScript but that would
work only with form-based auth. Should we write our own LDAPAuthService to
meet the need? Or would you have other suggestions?
The easiest in 6.4.2 would be to write your own authenticator class
which extends XWikiLDAPAuthServiceImpl and just overwrite
XWikiLDAPAuthServiceImpl#getValidXWikiUserName with something like
super.getValidXWikiUserName(name).toLowerCase().
OK
For 7.4+ versions don't hesitate to add a new improvement issue in
http://jira.xwiki.org/browse/LDAP. I guess we could create the XWiki
user name based on the actual uid found in the LDAP server; it would
require a bit of refactoring but it should be doable.
OK great. I have added an improvement issue along this line indeed:
http://jira.xwiki.org/browse/LDAP-21
Cheers
Stéphane
[1] http://www.zytrax.com/books/ldap/ch2/
[2] http://jira.xwiki.org/browse/XWIKI-238
Thanks a lot,
Kind regards,
Stéphane
--
Stéphane Laurière
CTO OW2
www.ow2.org
+33 645 816 202 @slauriere
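
Added example, not part of the original thread and not XWiki code: a simplified Python model of the behaviour discussed above, where the profile name follows the first login's spelling while later logins are matched through the stored lower-case LDAP uid, next to the effect of lower-casing the name before the profile is created. The names `Wiki`, `ldap_lookup`, `valid_user_name` and the sample directory are assumptions made for illustration, and the password check is left out.

```python
"""Simplified model of the login mapping discussed above; not XWiki code."""

# Constructed sample directory: the uid is stored in lower case.
LDAP_UIDS = {"aliddell"}


def ldap_lookup(typed_name):
    """Match the uid case-insensitively and return it as stored, or None."""
    uid = typed_name.lower()
    return uid if uid in LDAP_UIDS else None


class Wiki:
    """Wiki whose profile names are case sensitive (password check omitted)."""

    def __init__(self, lowercase_profile_names=False):
        self.lowercase_profile_names = lowercase_profile_names
        self.profiles = {}  # profile name -> reference lower-case LDAP uid

    def valid_user_name(self, name):
        # Stands in for the suggested override: lower-case the name
        # before the profile is created.
        return name.lower() if self.lowercase_profile_names else name

    def login(self, typed_name):
        uid = ldap_lookup(typed_name)
        if uid is None:
            return None  # no matching directory entry
        # An existing profile is found through its stored LDAP uid, so a
        # different spelling never creates a second user.
        for profile, stored_uid in self.profiles.items():
            if stored_uid == uid:
                return profile
        profile = "XWiki." + self.valid_user_name(typed_name)
        self.profiles[profile] = uid
        return profile


if __name__ == "__main__":
    default, lowered = Wiki(), Wiki(lowercase_profile_names=True)
    for name in ("ALIDDELL", "aliddell", "Aliddell"):
        print(name, "->", default.login(name), "|", lowered.login(name))
```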