[ome-users] LDAP plugin: case sensitivity

Paul van Schayck paul at vanschayck.nl
Wed Jun 18 19:45:46 BST 2014 

Dear Felix,

By chance I was also looking into this issue for our setup today. As
we also have mixed case DN's while the users are unaware of this, and
normally login with whatever suits them. What I figured out that this
issue has been reported before [1].

The workarround posted there involves setting the password provider to
chainedPasswordProvider431 [2]. This allows you to manually (or
scripted, how?) set the omero loginname to for example all lowercase.

I've however also been looking if changing mapUserName() in LdapImpl
might be enough to workarround the problem [3]. Would changing
.equals() to .equalsIgnoreCase() be ennough? If we guarantee that
within ldap never two users will exist with the same username but
different case.

[1] https://trac.openmicroscopy.org.uk/ome/ticket/4821
[2] http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html
[3] https://github.com/openmicroscopy/openmicroscopy/blob/develop/components/server/src/ome/logic/LdapImpl.java#L180

Kind regards,

Paul

On Wed, Jun 18, 2014 at 7:23 PM, MEYENHOFER Felix
<felix.meyenhofer at unifr.ch> wrote:
> Hello
>
> the ldap-utils command ldapsearch seems not care much about upper and lower
> case letters (eg.if cn=FIRST Last, then ldapsearch will also find it with
> cn=first last).
> So today I spent some time before I figured out that the OMERO on the other
> hand does indeed a case sensitive query using the Spring framework.
> This might lead to some confusion with our users. I myself use usually
> exclusively lower case letters for my login name, but in our setup here,
> there is only one field that I can indicate to OMERO to check for this short
> login. In our casethis is the mailNickname attribute. Unfortunately this
> attribute uses a capital first letter.
> But enough about these coherency problems we deal with… what I would like to
> do however is to hide them from our users.
>
> So is there an way to tell OMERO to to a case insensitive match agains AD?
> and furthermore is it possible to tell it to try multiple matches (so the
> users use alternatively their email address as login name)?
>
> Regards,
>
> Felix
>
>
>
> _______________________________________________
> ome-users mailing list
> ome-users at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>

More information about the ome-users mailing list