Task #4821 (new)
Opened 13 years ago
Last modified 10 years ago
LDAP: Improve username case senitivity support — at Initial Version
Reported by: | jamoore | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | Unscheduled |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | jburel, jamoore, CJW@…, cblackburn, bpindelski, mtbcarroll, pwalczysko |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
OMERO is currently quite strict with regard to LDAP username enforcement:
/** * Mapping a username to an {@link Experimenter}. This handles checking the * username for case exactness. This should be done at the LDAP level, but * Apache DS (the testing framework used) does not yet support :caseExactMatch:. * * When it does, the check here can be removed. * * @param username * @param mapper * @return a non null Experimenter. * @see ticket:2557 */ private Experimenter mapUserName(String username, PersonContextMapper mapper) { Filter filter = config.usernameFilter(username); List<Experimenter> p = ldap.search("", filter.encode(), mapper); if (p.size() == 1 && p.get(0) != null) { Experimenter e = p.get(0); if (e.getOmeName().equals(username)) { return p.get(0); } } throw new ApiUsageException( "Cannot find unique DistinguishedName: found=" + p.size()); }
There might should be a flag to optionally allow users to "mis-capitalize" their names. However, then there will need to be a case-insensitive UNIQUE constraint on the experimenter.omeName table.
See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-March/002587.html