import users into ldap changes case?

perler

We are importing users from a nextcloud installation into cloudron LDAP.

when we import this file:

Tester,tester@domain.com,,Tester Name,

we get this user:

The case of the username has changed from Tester to tester, which is a problem as we sync files from the old nextcloud installation and the data folder of user Tester is

../data/Tester

whereby in the cloudron installation it is

../tester

which gets created at first login instead of using the existing directory.

bug or feature?

jdaviescoates

@perler said in import users into ldap changes case?:

feature

Pretty sure it's intentional that LDAP usernames are always lowercase, as I seem to remember that being included in the release note announcement posts for one of the recent-ish updates...

Yep, here it is:

@girish said in Cloudron 7.2 released:

Ensure LDAP usernames are always treated lowercase

perler

@jdaviescoates all right, this complicates things. Is there a reason for this?

jdaviescoates

@perler said in import users into ldap changes case?:

Is there a reason for this?

Presumably, yes.

I think it's because lots of apps require lowercase usernames.

See eg

@nebulon said in External Directory synchronisation:

Cloudron will always lowercase the username, this is required also to be compatible with apps and how they handle usernames

perler

@jdaviescoates this is quite obviously not quite true, but thanks, we will manage

jdaviescoates

@perler said in import users into ldap changes case?:

this is quite obviously not quite true

what is not quite true? some apps do require lowercase usernames, no?

perler

@jdaviescoates yes, but some apps are case aware, here: nextcloud. I think it's not quite the correct decision to force lowercase as if it is 1968 but as I said, we can work around this.

girish

As @jdaviescoates said, we force small case for compatibility. I understand that in your specific context that being case sensitive might work though.

LDAP itself has a bunch of case sensitivity madness. See https://stackoverflow.com/questions/29897684/is-ldap-dn-case-insensitive and https://www.ibm.com/docs/en/oala/1.3.5?topic=SSPFMY_1.3.5/com.ibm.scala.doc/install/iwa_pinst_ldap_cnf_cse_sen_t.html . I remember we tried to make this case preserving but this causes lots of subtle very hard to debug failures.

There's a lot of things in play here File systems, databases, frameworks, languages... each has their own level of case sensitivity support when it comes to usernames.