LDAP: Improve username case sensitivity support (assist #4821). #3078
Tested with Virtual Microscope database. All seems to work OK. There were no username conflicts as we use only LDAP.
@joshmoore or @mtbc: If you see any glaring mistakes in the code, I'd appreciate any comments. Thanks!
<constructor-arg index="7" value=""/> | ||
</bean> | ||
|
||
<bean id="testIgnoreCase" class="java.lang.Boolean"> |
not sure why this bean is more indented
No obvious horrors at least. (-:
@mtbc Thanks, errors now corrected.
Thank you, good to merge.
Final question before merging (probably to @joshmoore): How do we want to expose this? Is documentation required (in a similar "experimental" form as the in-place doc)?
@bpindelski: I would think this falls under the "DEVELOPMENT_SETTINGS" heading as we've done with Web, but we don't yet have tools for hiding those (/cc @sbesson). Perhaps for the moment, just add a clear warning and/or link to the proper FAQ in
Is it worth blacklisting explicitly from the auto-generated configuration page (https://github.com/openmicroscopy/openmicroscopy/blob/develop/components/tools/OmeroPy/src/omero/install/config_parser.py#L128)?
If you have a suggestion on how to do that, yes.
@sbesson, @joshmoore I've updated the text in
So far, I think we are limited to simply adding
@sbesson Done.
Thanks. This is enough for
@sbesson Thanks for checking. The diff from the autogen job highlighted one shortcoming in my previous commit - I didn't change the comment marker to be
all good for me
http://ci.openmicroscopy.org/job/OMERO-5.1-merge-docs-autogen/72/ certainly doesn't contain the property. 👍
LDAP: Improve username case sensitivity support (assist #4821).
--no-rebase
All external password provider lookups are case-sensitive and non-configurable by default See: ome/openmicroscopy#3078
See https://trac.openmicroscopy.org.uk/ome/ticket/4821.
This is an initial attempt at allowing clients to use a mixed-case username when logging in (this includes CLI, Web and Insight). The changes started off as LDAP-only, but due to the tight coupling between the classes taking part in the user authentication process, the commits had to cover all scenarios (LDAP and non-LDAP).
Warning!
This PR will require the sysadmin to manually lower-case all usernames before setting omero.security.ignore_case to true. This PR doesn't handle experimenter login clashes during such a procedure.
This PR also doesn't solve the omero.ldap.user_lookup_attributes requirement, which could come in a subsequent PR.
To test:
omero.security.ignore_case to true and update all entries in the experimenter table (omename column) so that they are lower-case, e.g. uSeR-1, rOOt). Logins should work as before.
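The manual step in the warning above, as an added example (not part of the PR or of OMERO's code): a preflight that lists omename values that would collide once lower-cased, and rewrites the column only when there are none. The in-memory SQLite table, its id column and the function names are assumptions for illustration, and Python's str.lower() stands in for whatever case folding the server applies.

```python
import sqlite3
from collections import defaultdict

def make_db(names):
    """Constructed stand-in for the experimenter table (in-memory SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE experimenter ("
                 "id INTEGER PRIMARY KEY, omename TEXT UNIQUE NOT NULL)")
    conn.executemany("INSERT INTO experimenter (omename) VALUES (?)",
                     [(n,) for n in names])
    conn.commit()
    return conn

def find_case_clashes(conn):
    """Map each lower-cased name to the stored names that fold to it,
    keeping only groups where two or more accounts would collide."""
    groups = defaultdict(list)
    for (name,) in conn.execute("SELECT omename FROM experimenter ORDER BY id"):
        groups[name.lower()].append(name)
    return {low: names for low, names in groups.items() if len(names) > 1}

def lowercase_usernames(conn):
    """Lower-case every omename in one transaction and return the number of
    rows changed. Refuses to touch anything while a clash exists, because
    merging two accounts into one login name is not a safe default."""
    clashes = find_case_clashes(conn)
    if clashes:
        raise ValueError(f"resolve these accounts first: {clashes}")
    rows = conn.execute("SELECT id, omename FROM experimenter").fetchall()
    changed = [(name.lower(), row_id) for row_id, name in rows
               if name != name.lower()]
    with conn:  # commits on success, rolls back if any UPDATE fails
        conn.executemany("UPDATE experimenter SET omename = ? WHERE id = ?",
                         changed)
    return len(changed)

if __name__ == "__main__":
    # Constructed sample data: the names from the PR text plus one clash.
    clean = make_db(["uSeR-1", "rOOt", "alice"])
    print(lowercase_usernames(clean), "rows lower-cased")
    clashing = make_db(["Bob", "bob", "carol"])
    print("clashes:", find_case_clashes(clashing))
```

Run the clash report against a copy of the database before changing omero.security.ignore_case, and decide per account how each reported pair is renamed or merged.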