Hi Sebastian, So maybe the problem is somewhere else ... I did some packet network capture : when i did a request with the exact username (respecting uppercase/lowercase) the bind request is " DN=CN=TotoA,ou=users,o=corp " (so it works and i can login) when i did a request without respecting uppercase/lowercase the bind request is " DN=totoa " and my ldap server answer : InvalidSyntax (i'm not able to login)
Maybe this is something wrong when the ldap request is build ? (arround ligne 377 ???) http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java?revision=1235166&view=markup Benoit >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 13:38 >>> So to sum up: All the option does is to convert the username to lowercase, expecting your ldap server to either ignore the upper/lowercase or actually having the names really in lowercase in ldap. Sebastian 2012/1/24 seba.wag...@gmail.com <seba.wag...@gmail.com> > No I don't convert anything like that, there is no such possibility I > don't get any user from LDAP. > All I do is search the LDAP Server for a user, if the ldap_use_lower_case > is true, the user that searchs the LDAP server is transformed to lowercase. > OpenMeetings itself will also use the lowercase username internally for > that user if that option is set to true. > > I cannot influence the way the ldap server itself compares the strings. > Maybe there is an ignoreCase setting in the LDAP server. > However, actually OpenMeetings does no string comparisson of Users and > matches to results, its the other way round: The username is taken and an > LDAP search is started with that username. > Line 353 the ldap_search_base is defined with the specified user from the > login. > > And in > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapAuthBase.java?view=markup > Line 82 you can see how the user+pwd is send to LDAP to authentificate. > > I cannot find any "equals" method that compares LDAP user to usernames of > OpenMeetings, as there is none. > > Sebastian > > > 2012/1/24 Benoit Vautrin <benoit.vaut...@trw.com> > >> Hi Sebastian, >> >> I'm not a good developer but i try to understand your new code. If the >> new param ldap_use_lower_case is added to the config file, you convert >> in lower case the value fill-in by users in the Openmeetings login >> window ? am i right ? >> >> But i don't see where you convert also in lower case the answer of the >> ldap request (username field only of course) ... To be sure both string >> will be the same. >> Maybe i've not seen it. >> >> Thank you very much for your quick answers on issues, that's really >> great ! >> >> Regards. >> >> Benoit >> >> >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 09:51 >> >>> >> I've resolved the issue: >> >> there is a new param ldap_use_lower_case that you can add in the >> config >> file. >> If the param is true, the username is converted to lowercase before >> validating the username. >> This has no effect on how the password is verified. >> >> >> https://issues.apache.org/jira/browse/OPENMEETINGS-27?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs >> >> >> Sebastian >> >> 2012/1/23 Jeff Schoby <ssrj...@gmail.com> >> >> > LDAP usernames, as I understand it, should be case insensitive. >> > On Jan 23, 2012 3:19 PM, "Norbert Haag" <norb...@noahidenations.com> >> > wrote: >> > >> >> Quite frankly I think that this behavior is an not an issue but a >> >> feature. Unix system have a strict distinction between caps and >> non-caps >> >> for a good reason. So please don't change that "issue" but try to >> educate >> >> users, that ABC does not equal Abc does not equal aBc etc. >> >> >> >> Cheers >> >> >> >> -----Ursprüngliche Nachricht----- >> >> Von: BBS Technik [mailto:dormiti...@gmx.de] >> >> Gesendet: Montag, 23. Januar 2012 17:30 >> >> An: openmeetings-user@incubator.apache.org >> >> Betreff: Re: Username in ldap authentication is case sensitive >> >> >> >> Hi, >> >> I did also run onto this problem and I would be happy when this >> issue >> >> could be resolved. >> >> In the moment we have to instruct our users, but we often have >> >> helpdesk-requests. >> >> >> >> Greetings >> >> Ed >> >> >> >> -------- Original-Nachricht -------- >> >> > Datum: Mon, 23 Jan 2012 10:08:19 +0100 >> >> > Von: "Benoit Vautrin" <benoit.vaut...@trw.com> >> >> > An: openmeetings-user@incubator.apache.org >> >> > Betreff: Username in ldap authentication is case sensitive >> >> >> >> > Hi guys, >> >> > >> >> > I would like to know if some of you have already run onto this >> problem : >> >> > Authentication using OpenLDAP option check the exact 'username' >> string >> >> > between ldap answer and the username field in authentication >> message >> >> box. So, >> >> > for example, if your ldap username attribute contains "TotoA" and >> user >> >> key >> >> > in "totoa", application returns : Invalid Username. >> >> > >> >> > I think most of authentication systems are case sensitive only >> for >> >> > password, not on the username. >> >> > >> >> > The code checking for ldap authentication in Openmeetings is there >> : >> >> > >> >> >> >> http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java >> >> >> > >> >> > Sebastian has proposed this solution : >> >> > "we could add an option "ignoreUpperLowerCase" to the ldap >> >> configuration. >> >> > Making it generally "ignore" would need verification on ADS, >> OpenLDAP et >> >> > cetera how they behave regarding upper/lowercase." >> >> > I've opened this ticket : >> >> > https://issues.apache.org/jira/browse/OPENMEETINGS-27 >> >> > Please vote for it if you are interested to change the way >> username is >> >> > manage. >> >> > >> >> > Have a nice day. >> >> > >> >> > Benoit >> >> > >> >> >> >> -- >> >> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir >> >> belohnen Sie mit bis zu 50,- Euro! >> https://freundschaftswerbung.gmx.de >> >> >> >> >> >> >> -- >> Sebastian Wagner >> http://www.openmeetings.de >> http://incubator.apache.org/openmeetings/ >> http://www.webbase-design.de >> http://www.wagner-sebastian.com >> seba.wag...@gmail.com >> > > > > -- > Sebastian Wagner > http://www.openmeetings.de > http://incubator.apache.org/openmeetings/ > http://www.webbase-design.de > http://www.wagner-sebastian.com > seba.wag...@gmail.com > -- Sebastian Wagner http://www.openmeetings.de http://incubator.apache.org/openmeetings/ http://www.webbase-design.de http://www.wagner-sebastian.com seba.wag...@gmail.com
