Postgres uid is case sensitive

By: David Kananen named 09 Oct 2024 at 12:37 p.m. CDT

9 Responses
David Kananen gravatar
We are standing up a new Gluu server with Postgres as the backing storage and have noticed that uid's are being treated as case sensitive during login whereas LDAP was treating them as case insensitive. In researching I discovered this ticket where it was discussed that uid's should not be case sensitive: https://support.gluu.org/authentication/9138/case-sensitive-uid/ Is there a way to change the Postgres-backed configuration so that uid's are not case sensitive during login?
Gluu 4.5 Ubuntu 22.0
inprogress

Answers

By Mohib Zico Account Admin 09 Oct 2024 at 1:17 p.m. CDT

Copy
Mohib Zico gravatar
Interesting, I'll check it.

By David Kananen named 15 Oct 2024 at 10:10 a.m. CDT

Copy
David Kananen gravatar
Any word on this?

By Mohib Zico Account Admin 15 Oct 2024 at 10:16 p.m. CDT

Copy
Mohib Zico gravatar
Hello David, Sorry, i was side tracked. Going to start work on this again today...

By Mohib Zico Account Admin 16 Oct 2024 at 7:52 a.m. CDT

Copy
Mohib Zico gravatar
Hello again David, I just tried with latest 4.5.3 but couldn't reproduce the issue. I have created a test user for you to test... here it is: - https://mzico-wondrous-marlin.gluu.info/ - tester / tester@gluu.org

By David Kananen named 16 Oct 2024 at 8 a.m. CDT

Copy
David Kananen gravatar
I think you meant 4.5.5 as that's what your test server shows, and also what I'm running. This is interesting, because it's clearly different than the behavior we're seeing. I will try to stand up a new 4.5.5 server with a local Postgres install from the installation script to see if maybe it's a difference in the Postgres configuration of our pre-existing server. I'll let you know what I find.

By Mohib Zico Account Admin 16 Oct 2024 at 8:04 a.m. CDT

Copy
Mohib Zico gravatar
>> I think you meant 4.5.5 as that's what your test server shows, and also what I'm running. This is interesting, because it's clearly different than the behavior we're seeing. Sorry, yes: `gluu-server_4.5.5-3~ubuntu22.04` >> I will try to stand up a new 4.5.5 server with a local Postgres install from the installation script to see if maybe it's a difference in the Postgres configuration of our pre-existing server. I'll let you know what I find. Yes, let Gluu Server install postgres piece as well with setup script.

By David Kananen named 17 Oct 2024 at 12:37 p.m. CDT

Copy
David Kananen gravatar
When I install a new Gluu server with the local Postgres option, the admin user is then able to login with a case-insensitive user name as expected. I was also able to manually add a 2nd user and verify the same. However I discovered that the problem starts after this point, when I turn on cache refresh and configure it to load users from our company's LDAP and set the default authentication method to use that. Once I do that, I'm unable to log in with the original admin account at all, and all the users that are created from our company's LDAP must log in with a case sensitive match on their username. This is different from the behavior I see when using LDAP as the Gluu server's backing storage. In that case I am still able to log in with the original admin user and company users loaded from LDAP can log in with case-insensitive usernames.

By Mohib Zico Account Admin 17 Oct 2024 at 12:50 p.m. CDT

Copy
Mohib Zico gravatar
Hello David, >> Once I do that, I'm unable to log in with the original admin account at all,... That's normal because, your authentication mode is searching for user 'admin' in your company's LDAP and it don't see anything like that. >> .... and all the users that are created from our company's LDAP must log in with a case sensitive match on their username. That's not usual. I will check to load some users with Cache Refresh. >> This is different from the behavior I see when using LDAP as the Gluu server's backing storage. In that case I am still able to log in with the original admin user... May be your "Manage Authentication" section has some configuration than default one? Some script or some configuration which is reading both 'localhost' and 'remote company ldap'?

By David Kananen named 17 Oct 2024 at 1:25 p.m. CDT

Copy
David Kananen gravatar
When using LDAP as backing storage, we leave the original auth_ldap_server active as well as adding/activating a 2nd LDAP server for our company. In this way we are still able to log in with the original admin user. When using Postgres, it seems that deactivating the auth_ldap_server is required as we get errors on startup otherwise. So I'm assuming that's why we lose the ability to login with the admin user. In any case I'm not too worried about this part. The primary concern is the users created from our company's LDAP requiring case sensitive usernames.

Post an answer