LDAP auth vs database auth case sensitivity leads to HTTP 500 #3516

Closed
megasaturnv opened this issue Jul 1, 2022 · 5 comments

@megasaturnv
Contributor

megasaturnv commented Jul 1, 2022

To allow Zoneminder to authenticate with LDAP, an admin will set AUTH_TYPE to "remote" and configure Apache to authenticate with the LDAP server. Then, the same username is created in Zoneminder. Problem is, LDAP authentication is case insensitive, so a user can log in with a valid account which doesn't match the case used for Zoneminder's user.

e.g. user in Zoneminder's database might be "John.Doe" but LDAP would allow "john.doe" to authenticate

After authenticating with the correct username, but one that doesn't match the exact case used for the user in the Zoneminder database, the user is given an HTTP error 500.

A temporary solution we have is to change

```php
$user = dbFetchOne($sql, NULL, array($_SERVER['REMOTE_USER']));
```

to

```php
$user = dbFetchOne($sql, NULL, array(strtolower($_SERVER['REMOTE_USER'])));
```

and then only create lower-case usernames in Zoneminder's database. But, we have to change this file manually after every update. I was thinking of making a pull request for this, but it would break users that just use simple "htpasswd" authentication (and don't use lower case usernames).

Are there any long-term solutions for this? Thanks

Extra info, to follow the issue template:

@megasaturnv megasaturnv changed the title LDAP auth vs database case sensitivity leads to HTTP 500 LDAP auth vs database auth case sensitivity leads to HTTP 500 Jul 1, 2022
@connortechnology
Member

I think we would simply add an additional configuration option, telling ZM to use this code. Something like ZM_CASE_INSENSITIVE_USERNAMES. Then people can do whatever they need to do. Pretty trivial. Do you want to fund an hour of my time to get it into the next ZM release?

@connortechnology connortechnology self-assigned this Aug 26, 2022
@connortechnology connortechnology added this to the 1.36.25 milestone Aug 26, 2022
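
An added example, not ZoneMinder's code and not written by either participant: one way an opt-in case-insensitive lookup of `REMOTE_USER` could behave, including the two cases a practitioner should check (no matching account, and two accounts that differ only by case). The function name `resolveRemoteUser`, the `$caseInsensitive` parameter standing in for the suggested option, and the in-memory `$users` rows are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not ZoneMinder's implementation.
// $users stands in for the user table; the rows below are constructed sample data.

/**
 * Map the web server's REMOTE_USER to exactly one local account.
 * Returns the matching row, or null when nothing matches or when a
 * case-insensitive match is ambiguous. Callers treat null as "deny"
 * instead of continuing with an empty user.
 */
function resolveRemoteUser(array $users, ?string $remoteUser, bool $caseInsensitive): ?array
{
    if ($remoteUser === null || $remoteUser === '') {
        return null; // the web server did not authenticate anyone
    }
    $matches = [];
    foreach ($users as $row) {
        // strtolower() is the same folding used in the workaround quoted in the issue.
        $same = $caseInsensitive
            ? strtolower($row['Username']) === strtolower($remoteUser)
            : $row['Username'] === $remoteUser;
        if ($same) {
            $matches[] = $row;
        }
    }
    // Two accounts differing only by case: refuse rather than pick one,
    // otherwise "ADMIN" could be mapped to whichever row happens to come first.
    return count($matches) === 1 ? $matches[0] : null;
}

// Constructed sample accounts.
$users = [
    ['Id' => 1, 'Username' => 'John.Doe'],
    ['Id' => 2, 'Username' => 'admin'],
    ['Id' => 3, 'Username' => 'Admin'],
];

// Constructed inputs: [REMOTE_USER as sent by the web server, option enabled?]
$cases = [
    ['john.doe', false], // exact matching: case differs, no account
    ['john.doe', true],  // folded matching: one account
    ['ADMIN',    true],  // folded matching: two accounts collide
    ['nobody',   true],  // authenticated upstream, no local account
];
foreach ($cases as [$name, $ci]) {
    $user = resolveRemoteUser($users, $name, $ci);
    printf("%-9s option=%d -> %s\n", $name, (int) $ci, $user ? "user #{$user['Id']}" : 'deny');
}
```

Unlike the workaround in the first post, this compares both sides folded, so existing mixed-case usernames keep working when the option is off and do not have to be recreated in lower case when it is on.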
@megasaturnv
Contributor Author

Thanks. I'll fork it and do a PR

@megasaturnv
Contributor Author

Thanks!

connortechnology pushed a commit that referenced this issue Sep 13, 2022
connortechnology pushed a commit that referenced this issue Sep 13, 2022
megasaturnv added a commit to megasaturnv/zoneminder that referenced this issue Sep 21, 2022
megasaturnv added a commit to megasaturnv/zoneminder that referenced this issue Sep 21, 2022
connortechnology added a commit that referenced this issue Sep 21, 2022
@megasaturnv
Contributor Author

Just re-opening this issue to check something. Do I need to do a PR specifically to merge these changes into release-1.36 (rather than master), or are these changes scheduled to be in the next major release?

I don't mind doing a fresh PR for this and testing again if needed, since there are major differences between master and release-1.36.

Thanks!

@megasaturnv megasaturnv reopened this Oct 10, 2022
connortechnology pushed a commit that referenced this issue Oct 11, 2022
connortechnology pushed a commit that referenced this issue Oct 11, 2022
@connortechnology
Member

It has been merged to release-1.36 and will be released in 1.36.29 today.
