Brian, thank you so much.
On Tue, 2019-07-30 at 09:52 -0400, Brian Demers wrote: > Sounds like the easiest option would be to fix the case sensitivity > of that field. Email addresses are _generally_ considered case > insensitive. We are software vendors in emerging markets. Zero chance to tell our clients how to administrate their AD, especially no in large banks with 10'000 employees. Also, from an engineering point of view, I tend to disagree: while the email-attribute should be interpreted/read case in-sensitive, the AD obviously is not restricting to lower-case values. For that reason, I believe the standard behaviour of Shiro should be to read/interprete case-insensitive (perhaps with an option to enforce case-sensitivity). Instead Shiro right now seems to read/interprete case-sensitive (without any option). > If that doesn't work (I'm guessing you already tried that route), You > can extend the ActiveDirectoryRealm, and replace the > `getRoleNamesForUser` > https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java#L158-L203 Yes, I am looking into that too although that unchartered ground for me and will take a while. Would you consider a PR in the (unlikely) case I could come up with something useful? Cheers and thank you again! Andreas
