[Product-Developers] Too much case sensitivity (LDAPMultiPlugins, PASSSL)
Alberto Lopes
alberto at alopes.com
Fri Aug 8 09:30:05 UTC 2008
Wichert Akkerman wrote:
>
> Why would you need to lowercase there? If you lowercase on extraction
>
That's exactly my problem. You see, I have detected the problem at first in
cases where the userid in the certificate is, say, johndoe and the userid in
AD is JohnDoe.
So, the userid in the certificate is already lowercased. Elaborating on the
example, I can use the sharing tab of an item to search users in AD. In the
case, I enter "Doe" in the search user field and Plone finds and shows "John
Doe" as the full name.
Supposing I give "Can edit" role to that user, and I later go to the local
roles area of the security tab of that item in ZMI, I can see that the role
Editor was assigned to user JohnDoe.
John then logs into Plone correctly: PASSSL can find the User object because
the userid that is sent to AD is the one on the certificate, but AD does not
care about the case in the userid.
But then John goes to the page where he's an editor: Plone uses that
lowercased userid (or so it seems to me) to check against the list of global
and/or local roles. But it does not find any "johndoe", just "JohnDoe" ...
I hope I was boring with too much detail here...
--
View this message in context: http://n2.nabble.com/Too-much-case-sensitivity-%28LDAPMultiPlugins%2C-PASSSL%29-tp679232p680244.html
Sent from the Product Developers mailing list archive at Nabble.com.
More information about the Product-Developers
mailing list