graylog2-web-interface
graylog2-web-interface copied to clipboard
graylog-labs
User names are case sensitive
We have LDAP integration for Graylog for authentication, and when we log in using different cases, a new user is generated in the system. Graylog is creating new users for different character cases (e.g. askmeaks, ASKMEAKS, askMeaks etc. are all different users). User names should be case in-sensitive.
The fix seems very simple, we should take the DN used by the bind action. If the world is sane that will have a consistent case.
In fact this is not simple to fix at all, but it seems the best option anyway.
We will create a migration command for existing users, but it is unlikely that we can automatically merge existing accounts.
We could/should add a configuration setting for this but I don't think usernames should be treated case-insensitive in general.
EDIT: The uid attribute is case-insensitive so this is why new users would be created with a different upper-/lowercase writing. But since people could use another attribute for retrieving user names from LDAP, I wouldn't like to hardcode this. Maybe an option (by default enabled) to lowercase user names before fetching them from LDAP would work.
If users with the same name are found during login (i.e. same letters but different case), an error will be logged during login and logging in will fail. The administrator needs to clean up these accounts manually, there is no automatic way to merge this, so a migration tool does not make any sense.
In fact after debating the broken solution in the branch above, as well as some alternatives, this seems way too risky for 1.0. Postponing it until we have found a proper way of dealing with this problem.
+1. We seem to have people routinely log in using different case - and end up with different accounts. Really weird, even I have two accounts: "[email protected]" and "[email protected]" - and yet I can't recall ever logging in with the latter
