Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-238

When using XWiki + Active directory , treat sAMAccountName (name) case insensitively.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 0.9.840
    • None
    • Xwiki, Microsoft Active Directory, Oracle Database
    • patch

    Description

      Our environment of Acive Directory (AD) is, lets say, not perferct. It has some userids/sAMAccount names in all lower case and some in mixed case. For eg, 'JSmith' for John Smith and 'jdoe' for John Doe.

      However, users use all lowercase when they log into machines. We integrated our XWiki with AD they would try log in with all lower case user id.

      But, for some users who had their samAccountName / user id stored in mixed case on AD, XWiki LDAPPlugin seems to do the following, when the log in with all lower case user id (jsmith)

      • Fetch login info, log them in and store the user with mixed case credentials in XWiki database (JSmith).
      • Compare the current user (jsmith) with the one in DB (JSmith)
      • Fail the login

      However, I see that a new user JSmith is created in XWiki.

      After digging through the logs, I have found that when it does fields mapping, it resets the name from AD. If I omit, name=sAMAccountName, it did not work for any users.
      xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn

      Fix:
      After fetching 'name' field from AD, I am converting to lowercase. Some implementations may not like it, so it could be made configurable . (like IGNORE_UID_CASE_FOR_AD)

      ////// createUserFromLDAP 
       private void CreateUserFromLDAP(String susername, HashMap attributes, XWikiContext context) throws XWikiException {
      		System.out.println("authenticate - CreateUserFromLDAP");
              String ldapFieldMapping = getParam("ldap_fields_mapping",context);
              if (ldapFieldMapping != null && ldapFieldMapping.length() > 0)
              {
                  String[] fields = ldapFieldMapping.split(",");
                  BaseClass bclass = context.getWiki().getUserClass(context);
                  BaseObject bobj = new BaseObject();
                  bobj.setClassName(bclass.getName());
                  String name = null;
                  String fullwikiname = null;
                  for(int i = 0; i < fields.length; i++ )
                  {
                      String[] field = fields[i].split("=");
                      if (2 == field.length)
                      {
                         String fieldName = field[0];
                         if (attributes.containsKey(field[1]))
                         {
                             String fieldValue;
                             fieldValue = (String)attributes.get(field[1]);
                             if (fieldName.equals("name"))
                             {
      						   // Srini - 03/09 converting all names to lowercase
      						   if(fieldValue != null)
      						   	fieldValue = fieldValue.toLowerCase() ;
                                 name = fieldValue;
                                 fullwikiname = "XWiki." + name;
                                 bobj.setName(fullwikiname);
                             }
                             else
                             {
                                 bobj.setStringValue(fieldName, fieldValue);
                             }
                         }
                      }
      ///// the method continues /////////////////////////////////////////////
      

      Attachments

        1. current-users.png
          current-users.png
          4 kB
        2. lenpalek.png
          lenpalek.png
          4 kB
        3. xwikiallgroup.png
          xwikiallgroup.png
          6 kB
        4. MyLdapTest.java
          10 kB
        5. myXwikiConfig.zip
          3 kB
        6. LDAPAuthServiceImpl-r3342.diff
          2 kB

        Issue Links

          Activity

            People

              tmortagne Thomas Mortagne
              spulugur Srini Pulugurtha
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: