Context Navigation

Modify ↓

#8245 closed defect (worksforme)

UserIDs may be uppercase - breaks fine-grained authorization

Reported by:	tno@…	Owned by:
Priority:	normal	Milestone:
Component:	general	Version:	0.11rc1
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

My site is authenticating against a Novell E-directory LDAP server. When authenticating, E-dir does not distinguish between lower- and uppercase userID's. As a result, userIDs are passed along from the browser to trac in whatever case the user wrote it when logging in.

Instructions for the authz_policy file says that user and group names must be lowercased and that upper-case names are reserved for permissions.

If you log in using an upper-cased userID it seems to me that you are just treated as an authenticated user and that matching against other policy rules simply does not happen. I have not been able to really verify this.

This forces me to tell my (rather IT-naive) users to always use lower-case userIDs. Not so nice.

My client platform is windows/IE7, Ubuntu/Firefox. Same behaviour exhibited. Trac server platform = Ubuntu (Gutsy)

Attachments (0)

Change History (4)

comment:1 by t_norup <tno@…>, 16 years ago

Summary:	UserIDs may be uppercase - breaks fine-grained authentication → UserIDs may be uppercase - breaks fine-grained authorization

follow-up: 3 comment:2 by ebray, 16 years ago

Resolution:	→ worksforme
Status:	new → closed

Set the ignore_case option under the [trac] section in your trac.ini. That will force login names to lower case.

in reply to: 2 comment:3 by t_norup <tno@…>, 16 years ago

Replying to ebray:

Set the ignore_case option under the [trac] section in your trac.ini. That will force login names to lower case.

Brilliant, thanks a lot. I never got the idea to look there… ignore_case might be a reasonable default in future releases.

comment:4 by Jennifer Drummond <jenn@…>, 16 years ago

Thanks; this was giving me problems too.

Modify Ticket

Change Properties

Summary:
Description:	My site is authenticating against a Novell E-directory LDAP server. When authenticating, E-dir does not distinguish between lower- and uppercase userID's. As a result, userIDs are passed along from the browser to trac in whatever case the user wrote it when logging in. Instructions for the authz_policy file says that user and group names must be lowercased and that upper-case names are reserved for permissions. If you log in using an upper-cased userID it seems to me that you are just treated as an `authenticated` user and that matching against other policy rules simply does not happen. I have not been able to really verify this. This forces me to tell my (rather IT-naive) users to always use lower-case userIDs. Not so nice. My client platform is windows/IE7, Ubuntu/Firefox. Same behaviour exhibited. Trac server platform = Ubuntu (Gutsy) You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The ticket will remain with no owner.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from (none) to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: