On Tue, May 6, 2025 at 8:04 AM Peter Kronfuss <pe...@bitrotator.net.invalid> wrote:
> sorry, there is a typo in the sql-batch (copy&paste error): > > CREATE COLLATION public.case_insensitive (provider = icu, locale = > 'und-u-ks-level2', deterministic = false); > ALTER TABLE guacamole_entity ALTER COLUMN name TYPE varchar(128) COLLATE > "case_insensitive"; > > > > Am 2025-05-06 13:59, schrieb Peter Kronfuss: > > Hi there again! > > I may have found a workaround, but I am not sure if it has any side > effects. > > I have changed the collation of the name column in the guacamole_entity > table to be case-insensitive, so that logging in with different usernames > will result in the same entry. > > Maybe someone can check this solution and give me some feedback. > > CREATE COLLATION public.case_insensitive (provider = icu, locale = > 'und-u-ks-level2', deterministic = false); > > > ALTER TABLE guacamole_entity ALTER COLUMN name TYPE varying(128) COLLATE > "case_insensitive"; > > Regards, > Peter > > Peter, Thanks for posting back a work-around to this issue. First, to address the actual issue you raise, yes, the JDBC module, when used with PostgreSQL, evaluates string comparisons in a case-sensitive manner, which can make things like integration with LDAP (or SAML, OpenID, etc.) a challenge, since most other systems do not consider usernames to be case-sensitive. In addition to the challenge that you've highlighted with the TOTP module, this also manifests in things like assigning permissions to users - a user could log in with a username John_Doe and be assigned privileges in the database, and, subsequently log in as john_doe and not have those privileges. Aside from the work-around that you've mentioned, we've actually addressed this issue in the upcoming 1.6.0 release with the introduction of a property in guacamole.properties that allows you to toggle case-sensitivity for users, groups, or both. See the release notes and draft documentation: https://guacamole.apache.org/releases/1.6.0/ https://issues.apache.org/jira/browse/GUACAMOLE-1239 https://guacamole.apache.org/doc/1.6.0/gug/configuring-guacamole.html#standard-configuration-options-guacamole-properties -Nick >
