Details
- Bug
- Resolution: Duplicate
- Major
- None
- 0.9.840
- None
- Xwiki, Microsoft Active Directory, Oracle Database
- patch
Description
Our environment of Active Directory (AD) is, let's say, not perfect. It has some user IDs/sAMAccountNames in all lower case and some in mixed case. For example, 'JSmith' for John Smith and 'jdoe' for John Doe.
However, users use all lowercase when they log into machines. We integrated our XWiki with AD, and they would try to log in with an all-lowercase user ID.
But for some users who had their sAMAccountName / user ID stored in mixed case on AD, the XWiki LDAPPlugin seems to do the following when they log in with an all-lowercase user ID (jsmith):
- Fetch login info, log them in and store the user with mixed case credentials in XWiki database (JSmith).
- Compare the current user (jsmith) with the one in DB (JSmith)
- Fail the login
However, I see that a new user JSmith is created in XWiki.
After digging through the logs, I have found that when it does the fields mapping, it resets the name from AD. If I omit name=sAMAccountName, it did not work for any users.
xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
Fix:
After fetching the 'name' field from AD, I am converting it to lowercase. Some implementations may not like it, so it could be made configurable (like IGNORE_UID_CASE_FOR_AD).
////// createUserFromLDAP
private void CreateUserFromLDAP(String susername, HashMap attributes, XWikiContext context) throws XWikiException {
    System.out.println("authenticate - CreateUserFromLDAP");
    String ldapFieldMapping = getParam("ldap_fields_mapping",context);
    if (ldapFieldMapping != null && ldapFieldMapping.length() > 0) {
        String[] fields = ldapFieldMapping.split(",");
        BaseClass bclass = context.getWiki().getUserClass(context);
        BaseObject bobj = new BaseObject();
        bobj.setClassName(bclass.getName());
        String name = null;
        String fullwikiname = null;
        for(int i = 0; i < fields.length; i++ ) {
            String[] field = fields[i].split("=");
            if (2 == field.length) {
                String fieldName = field[0];
                if (attributes.containsKey(field[1])) {
                    String fieldValue;
                    fieldValue = (String)attributes.get(field[1]);
                    if (fieldName.equals("name")) {
                        // Srini - 03/09 converting all names to lowercase
                        if(fieldValue != null)
                            fieldValue = fieldValue.toLowerCase() ;
                        name = fieldValue;
                        fullwikiname = "XWiki." + name;
                        bobj.setName(fullwikiname);
                    } else {
                        bobj.setStringValue(fieldName, fieldValue);
                    }
                }
            }
///// the method continues /////////////////////////////////////////////
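The mismatch described in this report, reproduced as an added example that is not XWiki code and not the reporter's patch: a profile is created from the directory's mixed-case sAMAccountName, then compared with the lowercase name the user typed. The class, its methods, the `ignoreUidCase` switch and the sample DN are hypothetical or constructed.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added example: not XWiki code. Class, method and flag names are hypothetical.
public class UidCaseDemo {
    // Stand-in for the wiki user store: profile name -> LDAP DN.
    private final Map<String, String> profiles = new HashMap<>();
    // Hypothetical switch, in the spirit of the IGNORE_UID_CASE_FOR_AD idea above.
    private final boolean ignoreUidCase;

    UidCaseDemo(boolean ignoreUidCase) { this.ignoreUidCase = ignoreUidCase; }

    // Locale.ROOT keeps the folding stable across servers; the default locale may not
    // (under tr-TR, "I" lowercases to dotless "ı", so "JSMITH-I" would not match "jsmith-i").
    String canonical(String uid) {
        return ignoreUidCase ? uid.trim().toLowerCase(Locale.ROOT) : uid;
    }

    // typedUid: what the user entered; samAccountName: the value the directory
    // returned after a successful bind (sample values in main are constructed).
    boolean login(String typedUid, String samAccountName, String dn) {
        String profile = "XWiki." + canonical(samAccountName);
        profiles.putIfAbsent(profile, dn);       // profile is created from the directory value
        String expected = "XWiki." + canonical(typedUid);
        return profile.equals(expected);         // the comparison that fails in the report
    }

    public static void main(String[] args) {
        String dn = "CN=John Smith,OU=Users,DC=example,DC=test"; // constructed
        UidCaseDemo strict = new UidCaseDemo(false);
        System.out.println("case-sensitive: login=" + strict.login("jsmith", "JSmith", dn)
                + " profiles=" + strict.profiles.keySet());

        UidCaseDemo relaxed = new UidCaseDemo(true);
        boolean a = relaxed.login("jsmith", "JSmith", dn);
        boolean b = relaxed.login("JSMITH", "JSmith", dn);
        System.out.println("normalized:     login=" + (a && b)
                + " profiles=" + relaxed.profiles.keySet());

        System.out.println("tr-TR folding of JSMITH-I: "
                + "JSMITH-I".toLowerCase(Locale.forLanguageTag("tr-TR")));
    }
}
```

The case-sensitive run rejects the login yet still leaves an `XWiki.JSmith` profile behind, matching the behaviour in the report; with folding applied to both the typed and the directory value, every spelling resolves to the single profile `XWiki.jsmith`.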
Issue Links
- duplicates: XWIKI-2205 add better Active Directory support - case insensitive username (Closed)
- is related to: XWIKI-1079 LDAP Authentication (Closed)