Task #4821 (new)
Opened 13 years ago
Last modified 10 years ago
LDAP: Improve username case senitivity support — at Initial Version
| Reported by: | jamoore | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | Unscheduled |
| Component: | Security | Version: | n.a. |
| Keywords: | n.a. | Cc: | jburel, jamoore, CJW@…, cblackburn, bpindelski, mtbcarroll, pwalczysko |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | n.a. |
| Sprint: | n.a. |
Description
OMERO is currently quite strict with regard to LDAP username enforcement:
/**
* Mapping a username to an {@link Experimenter}. This handles checking the
* username for case exactness. This should be done at the LDAP level, but
* Apache DS (the testing framework used) does not yet support :caseExactMatch:.
*
* When it does, the check here can be removed.
*
* @param username
* @param mapper
* @return a non null Experimenter.
* @see ticket:2557
*/
private Experimenter mapUserName(String username, PersonContextMapper mapper) {
Filter filter = config.usernameFilter(username);
List<Experimenter> p = ldap.search("", filter.encode(), mapper);
if (p.size() == 1 && p.get(0) != null) {
Experimenter e = p.get(0);
if (e.getOmeName().equals(username)) {
return p.get(0);
}
}
throw new ApiUsageException(
"Cannot find unique DistinguishedName: found=" + p.size());
}
There might should be a flag to optionally allow users to "mis-capitalize" their names. However, then there will need to be a case-insensitive UNIQUE constraint on the experimenter.omeName table.
See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-March/002587.html
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
