LDAP: Improve username case sensitivity support (assist #4821).

[bpindelski]

See https://trac.openmicroscopy.org.uk/ome/ticket/4821.
This is an initial attempt at allowing clients to use a mixed-case username when logging in (this includes CLI, Web and Insight). The changes started off as LDAP-only, but due to the tight coupling between the classes taking part in the user authentication process, the commits had to cover all scenarios (LDAP and non-LDAP).

Warning!
This PR will require the sysadmin to manually lower-case all usernames before setting omero.security.ignore_case to true. This PR doesn't handle experimenter login clashes during such a procedure.
This PR also doesn't solve the omero.ldap.user_lookup_attributes requirement, which could come in a subsequent PR.

To test:

• use a server that has LDAP enabled and some non-LDAP users too,
• set omero.security.ignore_case to true and update all entries in the experimenter table (omename column) so that they are lower-case, e.g.

BEGIN;
update experimenter set omename = lower(omename);
COMMIT;

• restart the server,
• try logging in with mixed case login names (e.g. uSeR-1, rOOt). Logins should work as before.

[atarkowska]

Tested with Virtual Microscope database. All seems to work OK. There were no username conflicts as we use only LDAP

[bpindelski]

@joshmoore or @mtbc: If you see any glaring mistakes in the code, I'd appreciate any comments. Thanks!

[mtbc]

not sure why this bean is more indented

[mtbc]

No obvious horrors at least. (-:

[bpindelski]

@mtbc Thanks, errors now corrected.

[mtbc]

Thank you, good to merge.

[bpindelski]

Final question before merging (probably to @joshmoore): How do we want to expose this? Is documentation required (in a similar "experimental" form as the in-place doc)?

[joshmoore]

@bpindelski : I would think this falls under the "DEVELOPMENT_SETTINGS" heading as we've done with Web, but we don't yet have tools for hiding those (/cc @sbesson). Perhaps for the moment, just add a clear warning and/or link to the proper FAQ in etc/omero.properties so no one tries to use it without knowing the steps they need to take.

[sbesson]

Is it worth blacklisting explicitly from the auto-generated configuration page (https://github.com/openmicroscopy/openmicroscopy/blob/develop/components/tools/OmeroPy/src/omero/install/config_parser.py#L128) ?

[joshmoore]

If you have a suggestion on how to do that, yes.

[bpindelski]

@sbesson, @joshmoore I've updated the text in omero.properties. Please let me know if you want me to add anything to our LDAP docs, as that is what I meant by "exposing". I can try and "hide" the setting once @sbesson points me towards a way of doing that.

[sbesson]

So far, I think we are limited to simply adding omero.security.ignore_case to the BLACK_LIST tuple. This should be enough to prevent this configuration property from appearing in the doc.

[bpindelski]

@sbesson Done.

[sbesson]

Thanks. This is enough for omero.security.ignore to be stripped from snoopycrimecop/ome-documentation@2242f41. As suggested by @joshmoore we may want to move toward a more useful ## EXPERIMENTAL/DEVELOPMENT markup but this is outside the scope of this PR and I can start working on it once this is merged.

[bpindelski]

@sbesson Thanks for checking. The diff from the autogen job highlighted one shortcoming in my previous commit - I didn't change the comment marker to be ##, which I have now corrected. In the next build, the autogen won't have the stray comment included.

[atarkowska]

all good for me

[joshmoore]

http://ci.openmicroscopy.org/job/OMERO-5.1-merge-docs-autogen/72/ certainly doesn't contain the property. 👍

[bpindelski]

--no-rebase