Bug: LdapPasswordProvider regression

[jamoore]

Work on #6248 (apply user_filter on password check) broke a workaround for #4821 (upper/lower case) as well as other issues. The previous code from 4.3.1 should be re-added as a configuration option, and possibly made the default.

Capitalization

In Chris Wood's case, users have their omeNames manually changed to match the LDAP capitalization. Enforcing the user_filter on every password check makes that impossible. Since their user_filter is not as restrictive as that in #6248, it makes sense to allow rolling back to the 4.3.1 logic.

See:

• #4821 (case sensitivity support)
• ​http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002808.html

Differing DNs

In order to implement #6248, there was some worry that if the DNs became out of sync that there would be a similar security issue as with the user_filter being out of sync which was the basis of #6248. While implementing that, then, we disallowed differing DNs until #2587 could be implemented. That caused some issues (see threads below) for sites where the DNs change frequently. Again, the suggested fixed was to allow rolling back to the 4.3.1 logic.

See:

• #2587 (remove DN from DB)
• also #6719 (add DN for groups)
• ​http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002824.html
• ​http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-October/002841.html

[jmoore]

​https://github.com/joshmoore/openmicroscopy/commit/3c0039b563c945ea5e56a03eb87a842774b85139

[jmoore]

Closing since pushed. Any comments should go to ​https://github.com/openmicroscopy/openmicroscopy/pull/6

[jmoore <josh@…>]

(In [3c0039b563c945ea5e56a03eb87a842774b85139/ome.git]) Re-add 4.3.1 LdapPasswordProvider? (Fix #6885)