Bug 61702 - Search active directory case sensitive
Summary: Search active directory case sensitive
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authnz_ldap
Version: 2.4.6
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2017-10-31 09:59 UTC by Pavel Sazonov
Modified: 2017-10-31 09:59 UTC

Description Pavel Sazonov 2017-10-31 09:59:51 UTC
When using mod_auth_kerb for authentication, you get a REMOTE_USER variable that looks like this: Username@REALM.
For example, you can get UpCaseUser@TST.LOCAL or lowercaseuser@TST.LOCAL. Then, you can try to convert this username to "local", and sometimes you get UpCaseUser and lowercaseuser, sometimes upcaseuser@tst.local and lowercaseuser@tst.local; it depends on your server and krb5.conf config. But the AD UPN will still be UpCaseUser@tst.local or lowercaseuser@tst.local.
So, when you try to search for a user with capital letters, you get an error. On many, many internet pages where the configuration is described, they just use sAMAccountName instead of UPN, losing the domain part of the username.
It would be much better to make the user search case insensitive and use a UPN search with the original Kerberos authentication username, like this: Username@REALM.
I can do it using PerlAuthzHandler AuthZLDAP and the search string PerlSetVar LDAPfilter &(userPrincipalName>=[uid])(memberOf=CN=MyUsers,OU=MyOU,DC=tst,DC=local) with the userPrincipalName>= parameter; using just = is also case sensitive.
But I don't have access to the mod_authnz_ldap search string, so when using this module this issue is present. Can you please make these LDAP searches truly case insensitive?
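
Editor's added example (not part of the original report and not code from httpd or any Perl module): in an LDAP filter, >= is the greater-or-equal ordering match, so a filter built with it can select entries other than the authenticated user. The sketch below models = and >= over constructed entries, using case-folded string comparison as an assumed stand-in for the server's matching rule, and builds an equality filter with REMOTE_USER escaped per RFC 4515; the entries and helper names are hypothetical.

```python
# Added example; entries and helper names are constructed, not from any module.
# Constructed directory: (userPrincipalName, member of CN=MyUsers?)
ENTRIES = [
    ("UpCaseUser@tst.local", False),
    ("lowercaseuser@tst.local", True),
    ("zoe@tst.local", True),
]
GROUP_DN = "CN=MyUsers,OU=MyOU,DC=tst,DC=local"  # group DN from the report


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_filter(remote_user, group_dn=GROUP_DN):
    """Equality filter on the UPN, with REMOTE_USER escaped before insertion."""
    return "(&(userPrincipalName=%s)(memberOf=%s))" % (
        escape_filter_value(remote_user),
        escape_filter_value(group_dn),
    )


def selected(remote_user, op):
    """UPNs of group members that the filter selects for op '=' or '>='.

    Assumption: values are compared as case-folded strings, standing in
    for a case-ignore matching rule on the server.
    """
    want = remote_user.casefold()
    hits = []
    for upn, in_group in ENTRIES:
        have = upn.casefold()
        ok = have == want if op == "=" else have >= want
        if ok and in_group:
            hits.append(upn)
    return hits


if __name__ == "__main__":
    user = "UpCaseUser@TST.LOCAL"  # constructed: not a member of the group
    print(">= selects:", selected(user, ">="))
    print("=  selects:", selected(user, "="))
    print(build_filter("lowercaseuser@TST.LOCAL"))
```

In this model the >= form returns another group member's entry for a user who is not in the group, while the equality form returns nothing for that user.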