[Bug 61702] New: Search active directory case sensitive

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61702

            Bug ID: 61702
           Summary: Search active directory case sensitive
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authnz_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: psazonov@at-consulting.ru
  Target Milestone: ---

When using mod_auth_kerb for authentication, you get REMOTE_USER variable
looking like this: Username@REALM.
For example, you can get UpCaseUser@TST.LOCAL or lowercaseuser@TST.LOCAL. Then,
you can try to convert this username to "local", and sometimes you get
UpCaseUser and lowercaseuser, sometimes upcaseuser@tst.local and
lowercaseuser@tst.local, it depends on your server and krb5.conf config. But AD
UPN still will be UpCaseUser@tst.local or lowercaseuser@tst.local
So, when u try to search for user with capital letters you get a error. In many
many internet pages, where configuration is described, they just use
aSAMaccountname instead of UPN, loosing domain username part.
It would be much better to make user search case insensitive and use UPN search
and original kerberos authentication username like this: Username@REALM.
I can make it using PerlAuthzHandler AuthZLDAP and search string PerlSetVar
LDAPfilter
&(userPrincipalName>=[uid])(memberOf=CN=MyUsers,OU=MyOU,DC=tst,DC=local) with
userPrincipalName>= parameter, when using just = is also case sensitive.
But I don't have access to mod_authnz_ldap search string, so when using this
module this issue is present. Can u please make this ldap searches truly case
insensitive?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org