Hey Nick, Yes, I'm seeing the same behaviour on my end. From a cursory look at some of the source it looks like Guacamole users may be intentionally evaluated in a case-sensitive manner as per this:
https://github.com/glyptodon/guacamole-client/blob/2358d8868318cdf73e91a36d85a9d3983ee65b91/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/AbstractUser.java This would present a problem for LDAP + DB authentication though where the LDAP backend needs to be treated as case insensitive. Walter 2016-07-01 16:10 GMT-04:00 Nick Couchman <[email protected]>: > Hey, Walter, > I'm also seeing this issue. Are you using LDAP combined with Database > authentication? The biggest issue I have is that users can get different > permissions sets if they use different user names - for example, if a user > logs in with john.doe, they get no connections, but if they log in with > John.Doe, they see all the correct information. > > I was kind of working a way to force everything to lower case in the JDBC > authentication module, and do case insensitive compares on all of the > username fields, but don't have that fully working, yet. > > -Nick > > > ------------------------------ > *From: *"Walter Meyer" <[email protected]> > *To: *"user" <[email protected]> > *Sent: *Friday, July 1, 2016 2:03:38 PM > *Subject: *LDAP User Case Sensitivity of sAMAccountName > > I have LDAP authentication working. However, I'm running to a problem > wherein authentication with the same LDAP user name with different cases > will result in multiple users being created. > > E.g. if I have an LDAP user 'john.doe' in ldap, logging in with > 'John.Doe' or 'JOHN.DOE' will all result in different accounts being > created. Therefore, policies assigned to LDAP users in the local db do not > work across the board for the same ldap user. Is this a bug? > > Thanks, > Walter > > > ------------------------------ > > This e-mail may contain SEAKR Engineering (SEAKR) Confidential and > Proprietary Information. If this message is not intended for you, you are > strictly prohibited from using this message, its contents or attachments in > any way. If you have received this message in error, please delete the > message from your mailbox. This e-mail may contain export-controlled > material and should be handled accordingly. >
