You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/10/31 09:59:51 UTC
[Bug 61702] New: Search active directory case sensitive
https://bz.apache.org/bugzilla/show_bug.cgi?id=61702
Bug ID: 61702
Summary: Search active directory case sensitive
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: bugs@httpd.apache.org
Reporter: psazonov@at-consulting.ru
Target Milestone: ---
When using mod_auth_kerb for authentication, you get REMOTE_USER variable
looking like this: Username@REALM.
For example, you can get UpCaseUser@TST.LOCAL or lowercaseuser@TST.LOCAL. Then,
you can try to convert this username to "local", and sometimes you get
UpCaseUser and lowercaseuser, sometimes upcaseuser@tst.local and
lowercaseuser@tst.local, it depends on your server and krb5.conf config. But AD
UPN still will be UpCaseUser@tst.local or lowercaseuser@tst.local
So, when u try to search for user with capital letters you get a error. In many
many internet pages, where configuration is described, they just use
aSAMaccountname instead of UPN, loosing domain username part.
It would be much better to make user search case insensitive and use UPN search
and original kerberos authentication username like this: Username@REALM.
I can make it using PerlAuthzHandler AuthZLDAP and search string PerlSetVar
LDAPfilter
&(userPrincipalName>=[uid])(memberOf=CN=MyUsers,OU=MyOU,DC=tst,DC=local) with
userPrincipalName>= parameter, when using just = is also case sensitive.
But I don't have access to mod_authnz_ldap search string, so when using this
module this issue is present. Can u please make this ldap searches truly case
insensitive?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org