Thank you for the details. I am so used to MarkLogic being so flexible I didn't even think of there being a schema enforcement. I agree that a local change is bad juju. We'll have to handle it on our end for now (definitely a fringe use case), but I think I can make a good argument in an RFE, not that there may be a very valid reason in the deep dark recesses of MarkLogic that make this unattainable.
Thanks again, Harry On Fri, Dec 2, 2011 at 12:05 PM, Michael Blakeley <[email protected]> wrote: > Probably this is enforced in security.xsd, by schema XML like this (5.0-1): > > > <xs:simpleType name="user-name"> > > <xs:annotation> > > <xs:documentation> > > </xs:documentation> > > <xs:appinfo> > > </xs:appinfo> > > </xs:annotation> > > <xs:restriction base="xs:token"> > > <xs:pattern value="[a-zA-Z0-9._@-]+"/> > > <xs:minLength value="1"/> > > </xs:restriction> > > </xs:simpleType> > > Specifically, the xs:pattern will restrict user-name to ASCII > alphanumerics, plus a few extra characters. As you've observed, the > definition for role-name doesn't include a similar pattern restriction: > > > <xs:simpleType name="role-name"> > > <xs:annotation> > > <xs:documentation> > > </xs:documentation> > > <xs:appinfo> > > </xs:appinfo> > > </xs:annotation> > > <xs:restriction base="xs:NMTOKEN"> > > <xs:minLength value="1"/> > > </xs:restriction> > > </xs:simpleType> > > You might wonder if you can remove this by editing security.xsd? As far as > I know you can, but you should not and I would recommend against it. Your > tweak would be unsupported, and would be likely to introduce new problems. > Maintaining the local change would become a headache, as well. > > Instead, if you want to make a case that this restriction is a bug, or > submit an RFE to modify it, you should contact support. > > -- Mike > > On 2 Dec 2011, at 10:50 , Harry B. wrote: > > > The authentication system we have fronting our MarkLogic application > allows usernames with diacritics and double-byte characters. I have found > that MarkLogic will not let me create a username with these characters. For > example, a username of jóvenes throws SEC-BADUSERNAME: (err:FOER0000) New > user name is not valid when using the MarkLogic admin tool and an even > nastier looking error when using sec:create-user(). Same thing with a > username consisting of Chinese characters. > > > > What befuddles me is that I can use these characters for role names, > collections, etc. > > > > Is there a restriction on what characters are allowed in user names? Is > there something I can do with sec:create-user() to encode/decode the > characters to work? > > > > Thanks in advance, > > Harry > > _______________________________________________ > > General mailing list > > [email protected] > > http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general >
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
