Oddly case-sensitive username?

Issue #286 open
Matt Oswald created an issue

This one is so weird. One of our developers was logging in as 'Ross', while RhodeCode listed his username as 'ross'. No big deal, right? He could visit the website, see repositories, etc.

From the command line, he'd always get a 500 Server Error message when cloning or pushing, and in the server's logs we found:

{{{
File "c:\hg\rhodecode\venv\lib\site-packages\rhodecode\lib\middleware\simplehg.py", line 136, in call
    username = user.username
AttributeError: 'NoneType' object has no attribute 'username'
}}}

Checking his mercurial.ini file, his username was listed as 'Ross'. When I had him try 'ross' instead, it worked just fine.

Extra info: Windows Server 2008, RhodeCode uses LDAP.

Comments (8)

  1. Marcin Kuzminski repo owner
    • changed status to open

    Was it an automated account created by first login? Can you post the values that are in the DB row for this user? Username and LDAP params.

    As I understand it, the login page allowed login as Ross, but cloning didn't?

  2. Matt Oswald reporter

    Yes, this was an automated account created through the LDAP.

    His username is 'ross' and the LDAP params are 'CN=Ross Sterva,OU=Employees,DC=company,DC=net'

    Anything from the command line would fail: clone, push, pull, etc, apparently because hg was authenticating as 'Ross' and not 'ross'.

  3. Marcin Kuzminski repo owner

    I can see how LDAP passes auth since it's not case sensitive, while fetching users in middleware is. I'll think of a solution for this. At least now I add a forbidden error when user lookup fails.

  4. Waldo G
    • changed status to open
    • changed version to 1.3.6

    I am running RhodeCode 1.3.6 on Ubuntu 12.04 with Python 2.7.3 proxied by nginx 1.2.1. I have successfully configured RhodeCode to authenticate against LDAP (Windows Server 2003 Active Directory at 2003 Functional Domain Level), and using Google Chrome 19.0.(etc, etc)

    I am experiencing case-sensitive usernames (sAMAccountName) when attempting to authenticate. I am positive that the password is correct each time.

  5. Waldo G

    While I know that LDAP is case-sensitive, in my humble experience LDAP usernames (AD, OpenLDAP) have used case-insensitive filters for matching at least out of convention.

    Adding to further end-user confusion, when a user account is first created, they must obey the case-sensitive username, but after the account is created case-insensitive username is permitted.
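
The mismatch discussed in this thread, as an added sketch that is not RhodeCode's code and not posted by any participant: a directory that matches login names case-insensitively next to a case-sensitive local lookup, with an explicit denial when the lookup fails and, as one possible approach, a case-folded lookup that rejects ambiguous matches. All function names, the password and the in-memory data are hypothetical.

```python
from collections import namedtuple

User = namedtuple("User", "username ldap_dn")

# Constructed sample data mirroring the thread: the local row is 'ross'.
LOCAL_USERS = [User("ross", "CN=Ross Sterva,OU=Employees,DC=company,DC=net")]
DIRECTORY = {"ross": "example-password"}  # stand-in directory, constructed


def directory_auth(login, password):
    """Stand-in for a directory that matches login names case-insensitively."""
    return DIRECTORY.get(login.casefold()) == password


def lookup_exact(login):
    """Case-sensitive local lookup: returns None for 'Ross'."""
    return next((u for u in LOCAL_USERS if u.username == login), None)


def lookup_folded(login):
    """Case-insensitive lookup; refuse if more than one row matches."""
    hits = [u for u in LOCAL_USERS if u.username.casefold() == login.casefold()]
    return hits[0] if len(hits) == 1 else None


def handle_unchecked(login, password):
    """Failure mode from the report: auth passes, lookup result is not checked."""
    if not directory_auth(login, password):
        return 401, None
    try:
        return 200, lookup_exact(login).username
    except AttributeError:
        # A server would surface this unhandled exception as a 500.
        return 500, None


def handle(login, password, lookup):
    """Return (status, canonical_username) for a clone/push request."""
    if not directory_auth(login, password):
        return 401, None
    user = lookup(login)
    if user is None:
        # Explicit denial instead of dereferencing None.
        return 403, None
    # Authorise against the stored name, not the client-supplied spelling.
    return 200, user.username
```

Returning the stored username rather than the spelling the client sent keeps later permission checks and audit log entries tied to a single identity.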
