[JENKINS-12607] Active directory user names should not be case sensitive.

Type: Bug
Resolution: Unresolved
Priority: Blocker
Component/s: active-directory-plugin
Labels:
None
Environment:
Windows Server 2008.

Similar Issues:
Powered by SuggestiMate

Show

Active directory user names should not be case sensitive. For example if I add the user "paul" then I would expect to be able to also login as "Paul", "pAul" or any other case combination.

At the moment this won't match any user name and fail to login the user in, or worse match none and apply "authenticated user" permissions. This seems to confuse a lot of users.

If there is a use case where case sensitivity is required then I think there should be a toggle option to enable or disable it.

is related to

JENKINS-22247 Provide an extension point to define user id case sensitivity contract

Resolved

JENKINS-19409 Support case-insensitive mode for user IDs

Resolved

JENKINS-17674 Expand SecurityRealm to support case insensitivity better

Resolved

Paul M created issue - 2012-01-31 14:19

Kohsuke Kawaguchi added a comment - 2012-04-26 21:07

As of 1.26 I cannot reproduce this. Please report a stack trace.

(But toward 1.27, I made the change that once logged in the user name gets canonicalized)

Kohsuke Kawaguchi added a comment - 2012-04-26 21:07 As of 1.26 I cannot reproduce this. Please report a stack trace. (But toward 1.27, I made the change that once logged in the user name gets canonicalized)

SCM/JIRA link daemon added a comment - 2012-04-27 02:45

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/8b4c00a79201b605908d5d8983a7c719b0d645ff
Log:
JENKINS-12607 canonicalize the name.

SCM/JIRA link daemon added a comment - 2012-04-27 02:45 Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/8b4c00a79201b605908d5d8983a7c719b0d645ff Log: JENKINS-12607 canonicalize the name.

dogfood added a comment - 2012-04-27 02:47

Integrated in plugins_active-directory #62
JENKINS-12607 canonicalize the name. (Revision 8b4c00a79201b605908d5d8983a7c719b0d645ff)

Result = SUCCESS
Kohsuke Kawaguchi :
Files :

src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

dogfood added a comment - 2012-04-27 02:47 Integrated in plugins_active-directory #62 JENKINS-12607 canonicalize the name. (Revision 8b4c00a79201b605908d5d8983a7c719b0d645ff) Result = SUCCESS Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

Gavin Mogan added a comment - 2012-04-28 06:40

I only just now found out about the bug. I am so happy its now been fixed, its always been a minor annoyance for me.

Gavin Mogan added a comment - 2012-04-28 06:40 I only just now found out about the bug. I am so happy its now been fixed, its always been a minor annoyance for me.

Kohsuke Kawaguchi added a comment - 2012-05-08 01:28

Sorry, this isn't fixed yet. It caused a serious regression ~~JENKINS-13650~~ and needed to be backed out.

Kohsuke Kawaguchi added a comment - 2012-05-08 01:28 Sorry, this isn't fixed yet. It caused a serious regression JENKINS-13650 and needed to be backed out.

Kohsuke Kawaguchi added a comment - 2012-05-08 01:35

The regression was that various code in Jenkins actually persists the user name (such as the matrix security.) So any kind of automatic canonicalization results in name mismatch, resulting in a loss of permissions.

The proper fix needs to be in the core where SecurityRealm would decide whether the username/groupname is case sensitive.

Kohsuke Kawaguchi added a comment - 2012-05-08 01:35 The regression was that various code in Jenkins actually persists the user name (such as the matrix security.) So any kind of automatic canonicalization results in name mismatch, resulting in a loss of permissions. The proper fix needs to be in the core where SecurityRealm would decide whether the username/groupname is case sensitive.

SCM/JIRA link daemon added a comment - 2012-05-08 01:35

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
http://jenkins-ci.org/commit/active-directory-plugin/15a8a87bc333a12ead447425075df3bdafd7625c
Log:
[FIXED JENKINS-13650] Revert "JENKINS-12607 canonicalize the name."

This reverts commit 8b4c00a79201b605908d5d8983a7c719b0d645ff.

Compare: https://github.com/jenkinsci/active-directory-plugin/compare/e8943e7...15a8a87

SCM/JIRA link daemon added a comment - 2012-05-08 01:35 Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java http://jenkins-ci.org/commit/active-directory-plugin/15a8a87bc333a12ead447425075df3bdafd7625c Log: [FIXED JENKINS-13650] Revert " JENKINS-12607 canonicalize the name." This reverts commit 8b4c00a79201b605908d5d8983a7c719b0d645ff. Compare: https://github.com/jenkinsci/active-directory-plugin/compare/e8943e7...15a8a87

dogfood added a comment - 2012-05-08 02:03

Integrated in plugins_active-directory #63
[FIXED JENKINS-13650] Revert "JENKINS-12607 canonicalize the name." (Revision 15a8a87bc333a12ead447425075df3bdafd7625c)

Result = SUCCESS
Kohsuke Kawaguchi :
Files :

src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

dogfood added a comment - 2012-05-08 02:03 Integrated in plugins_active-directory #63 [FIXED JENKINS-13650] Revert " JENKINS-12607 canonicalize the name." (Revision 15a8a87bc333a12ead447425075df3bdafd7625c) Result = SUCCESS Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

Harpreet Nain added a comment - 2013-04-18 06:54

We are experiencing the same issue. We have around 100 users and to add each one with different uppercase and lowercase permutations is not very elegant to manage authorization. Is this planned to fixed soon?

Harpreet Nain added a comment - 2013-04-18 06:54 We are experiencing the same issue. We have around 100 users and to add each one with different uppercase and lowercase permutations is not very elegant to manage authorization. Is this planned to fixed soon?

Assignee:: Unassigned

Reporter:: Paul M

Votes:: 26 Vote for this issue

Watchers:: 29 Start watching this issue

Created:: 2012-01-31 14:19

Updated:: 2017-04-17 07:20

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Kohsuke Kawaguchi added a comment - 2012-04-26 21:07

Expand comment: Kohsuke Kawaguchi added a comment - 2012-04-26 21:07

Collapse comment: SCM/JIRA link daemon added a comment - 2012-04-27 02:45

Expand comment: SCM/JIRA link daemon added a comment - 2012-04-27 02:45

Collapse comment: dogfood added a comment - 2012-04-27 02:47

Expand comment: dogfood added a comment - 2012-04-27 02:47

Collapse comment: Gavin Mogan added a comment - 2012-04-28 06:40

Expand comment: Gavin Mogan added a comment - 2012-04-28 06:40

Collapse comment: Kohsuke Kawaguchi added a comment - 2012-05-08 01:28

Expand comment: Kohsuke Kawaguchi added a comment - 2012-05-08 01:28

Collapse comment: Kohsuke Kawaguchi added a comment - 2012-05-08 01:35

Expand comment: Kohsuke Kawaguchi added a comment - 2012-05-08 01:35

Collapse comment: SCM/JIRA link daemon added a comment - 2012-05-08 01:35

Expand comment: SCM/JIRA link daemon added a comment - 2012-05-08 01:35

Collapse comment: dogfood added a comment - 2012-05-08 02:03

Expand comment: dogfood added a comment - 2012-05-08 02:03

Collapse comment: Harpreet Nain added a comment - 2013-04-18 06:54

Expand comment: Harpreet Nain added a comment - 2013-04-18 06:54

People

Dates