[
http://jira.xwiki.org/jira/browse/XWIKI-238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergiu Dumitriu reassigned XWIKI-238:
-------------------------------------
Assignee: Thomas Mortagne
Thomas, can you check if this was fixed in the new LDAP implementation?
> When using XWiki + Active directory , treat sAMAccountName (name) case
> insensitively.
> --------------------------------------------------------------------------------------
>
> Key: XWIKI-238
> URL: http://jira.xwiki.org/jira/browse/XWIKI-238
> Project: XWiki Core
> Issue Type: Bug
> Components: Authentication and Rights Management
> Affects Versions: 0.9.840
> Environment: Xwiki, Microsoft Active Directory, Oracle Database
> Reporter: Srini Pulugurtha
> Assigned To: Thomas Mortagne
> Fix For: Future
>
> Attachments: current-users.png, LDAPAuthServiceImpl-r3342.diff,
> lenpalek.png, MyLdapTest.java, myXwikiConfig.zip, xwikiallgroup.png
>
>
> Our environment of Acive Directory (AD) is, lets say, not perferct. It has
> some userids/sAMAccount names in all lower case and some in mixed case. For
> eg, 'JSmith' for John Smith and 'jdoe' for John Doe.
> However, users use all lowercase when they log into machines. We integrated
> our XWiki with AD they would try log in with all lower case user id.
> But, for some users who had their samAccountName / user id stored in mixed
> case on AD, XWiki LDAPPlugin seems to do the following, when the log in with
> all lower case user id (jsmith)
> - Fetch login info, log them in and store the user with mixed case
> credentials in XWiki database (JSmith).
> - Compare the current user (jsmith) with the one in DB (JSmith)
> - Fail the login
> However, I see that a new user JSmith is created in XWiki.
> After digging through the logs, I have found that when it does fields
> mapping, it resets the name from AD. If I omit, name=sAMAccountName, it did
> not work for any users.
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
> Fix:
> After fetching 'name' field from AD, I am converting to lowercase. Some
> implementations may not like it, so it could be made configurable . (like
> IGNORE_UID_CASE_FOR_AD)
> {code}
> ////// createUserFromLDAP
> private void CreateUserFromLDAP(String susername, HashMap attributes,
> XWikiContext context) throws XWikiException {
> System.out.println("authenticate - CreateUserFromLDAP");
> String ldapFieldMapping = getParam("ldap_fields_mapping",context);
> if (ldapFieldMapping != null && ldapFieldMapping.length() > 0)
> {
> String[] fields = ldapFieldMapping.split(",");
> BaseClass bclass = context.getWiki().getUserClass(context);
> BaseObject bobj = new BaseObject();
> bobj.setClassName(bclass.getName());
> String name = null;
> String fullwikiname = null;
> for(int i = 0; i < fields.length; i++ )
> {
> String[] field = fields[i].split("=");
> if (2 == field.length)
> {
> String fieldName = field[0];
> if (attributes.containsKey(field[1]))
> {
> String fieldValue;
> fieldValue = (String)attributes.get(field[1]);
> if (fieldName.equals("name"))
> {
> // Srini - 03/09 converting
> all names to lowercase
> if(fieldValue != null)
> fieldValue =
> fieldValue.toLowerCase() ;
> name = fieldValue;
> fullwikiname = "XWiki." + name;
> bobj.setName(fullwikiname);
> }
> else
> {
> bobj.setStringValue(fieldName, fieldValue);
> }
> }
> }
> ///// the method continues /////////////////////////////////////////////
> {code}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications
