Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3722

LDAP users with mixed case username can lose group memberships during authentication

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Low Low
    • None
    • 2.7
    • Directory - LDAP
    • None

      Steps to reproduce:

      1. Bring up ApacheDS 1.0 with the attached ldif
      2. Configure ApacheDS as a Connector in Crowd
        1. Base DN: dc=example,dc=com
        2. User DN: ou=users
        3. Group DN: ou=groups
      3. Go to Groups/confluence-users/Group Members and check that CapsUser is a member
      4. Go to Applications/crowd/Directories and allow everyone to authenticate from the connector
      5. Perform Authentication Test with CapsUser/password1 credentials
      6. Go to Groups/confluence-users/Group Members

      Expected outcome:
      CapsUser is still a member of confluence-users group

      Actual outcome:
      CapsUser is not a member of confluence-users group any more. Synchronising the directory again will add the membership back.

      I could not reproduce this problem with Crowd 2.6.5. I did some debugging and the problem seems to happen when we look for user's group memberships during authentication with an ldap query with a condition like this: (uniqueMember=cn=capsuser,ou=users,dc=example,dc=com). ApacheDS 1.0 does case-sensitive comparisons for uniqueMember attribute values, so that filter does not match anything. Changing it to (uniqueMember=cn=CapsUser,ou=users,dc=example,dc=com) makes it match correctly.

              Unassigned Unassigned
              onevalainen Olli Nevalainen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: