LDAPS first login - User capitalization - Unexpected Behaviour

  • versions used (8.8.0-community as a docker image with in-memory db)

  • error observed
    Miscapitalized username gets stored as the username to use even when the regular username in LDAP is capitalized differently

  • expected behaviour
    If the username that tries to login deviates (in capitalization) from the username that is stored in LDAP, the username that is found in LDAP gets stored in the SQ-DB (and just to mention it: the supplied miscapitalized username just gets ignored)

  • steps to reproduce

    • Running a fresh install via docker image with in-memory db
    • User-Auth via LDAP
    • Register a user first time by initiating a login with a user not already in SQ-DB
    • Enter the Username OBviOuSLy wROng cApitalLIZed (e.g: dANiel instead of Daniel)
    • Enter the correct expected password
    • confirm that the User is now existing under /admin/users with faulty capitalization (e.g.: dANiel)
    • logout the user
    • Login the user with correct capitalized username (e.g.: Daniel) and expected password
    • check that the login failed
  • potential workaround
    uhm :thinking: idk :innocent: i only could work around it by deactivating user and then user recreates via login with correct username

cheers
Daniel

Hey there.

You are probably looking for this setting

SONAR_AUTHENTICATOR_DOWNCASE=true
Set to true when connecting to a LDAP server using a case-insensitive setup.


Thanks, Colin. I will try that out tomorrow.

I knew that parameter existed (i skimmed through all of them) but i probably misunderstood its meaning.

I thought to myself “well, as i cannot login into SQ with a miscapitalized username the LDAP server surely cannot use a case-insensitive setup” :innocent:

Maybe this insight could lead to a rephrasing in the docs? (Although i am currently lacking any idea how to optimize the description, maybe someone else might be able to find a better description)
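
The mismatch discussed in this thread, as an added example that is not part of the original posts and is not SonarQube code: the directory compares `uid` case-insensitively, so it accepts dANiel, while the application keys the local account on the login string exactly as typed unless it downcases it first. The directory entry, the password and the functions `ldap_bind`, `login` and `simulate` are constructed for illustration; the `downcase` flag stands in for SONAR_AUTHENTICATOR_DOWNCASE.

```python
# Simplified model with constructed data; not SonarQube's implementation.
# RFC 4519 gives uid the caseIgnoreMatch equality rule, so the filter
# (uid=dANiel) matches the entry whose stored uid is "Daniel".

DN = "uid=Daniel,ou=people,dc=example,dc=org"      # constructed sample entry
DIRECTORY = {DN: {"uid": "Daniel", "password": "s3cret"}}  # plaintext only for the demo


def ldap_bind(typed_login, password):
    """Return the DN of the matching entry or None; uid compares case-insensitively."""
    for dn, attrs in DIRECTORY.items():
        if attrs["uid"].casefold() == typed_login.casefold() and attrs["password"] == password:
            return dn
    return None


def login(accounts, typed_login, password, downcase):
    """Authenticate, then look up the local account by exact (case-sensitive) login.

    Returns (local_login, created) or None when the directory rejects the bind.
    What a real application does with an unmatched login is outside this model.
    """
    dn = ldap_bind(typed_login, password)
    if dn is None:
        return None
    key = typed_login.lower() if downcase else typed_login
    created = key not in accounts
    accounts.setdefault(key, dn)
    return key, created


def simulate(downcase):
    """First login mis-capitalized, second login with the directory's spelling."""
    accounts = {}
    return [login(accounts, typed, "s3cret", downcase) for typed in ("dANiel", "Daniel")]


if __name__ == "__main__":
    print("downcase off:", simulate(False))
    print("downcase on: ", simulate(True))
```

With downcasing off, the second login does not match the account created by the first one even though both resolve to the same directory entry; with downcasing on, both spellings map to the single local login `daniel`.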