Unsolved Cloudron LDAP middle name not correctly propagated
-
Lately we got a new user who has a middle name like 'Jan van der Steen'.
I created the user and as always only have the "Full Name" field and filled in the full name 'Jan van der Steen'.
When this user logged into Wordpress it became 'Jan Steen' which is of course wrong. There I could change it and even after re-login it keeps it.
However: when this user logs into FreeScout it is also wrong but there if I change it to the correct version after re-login it is changed back to the wrong version.
Is it possible to split the "Full name" field in the mostly used "First name", "Middle name" and "Last name" and from then on propagate it correctly via LDAP to the various apps?
-
Thanks for bringing that up. Currently we actually do not send any middlename at all over LDAP
https://git.cloudron.io/cloudron/box/-/blob/master/src/ldap.js#L163I guess we have to add the
middleNameattribute as specified at https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/17876454-d2fa-43b5-8df4-df94721fb37fThen we still have to figure out if apps also pick that up correctly.
-
Topic has been marked as a question
nebulon
-
Currently, we don't have first name and last name separate. I guess we have to make database changes to make this happen. Something for 8.0 maybe?
-
@imc67 said in Cloudron LDAP middle name not correctly propagated:
When this user logged into Wordpress it became 'Jan Steen' which is of course wrong. There I could change it and even after re-login it keeps it.
Actually, thinking a bit more, this is because the WP LDAP plugin specifically wants the first name and last name separate. Most apps don't want it this way. Maybe we can fix the WP plugin to not want the names separate. Even if we add middle name support, the WP plugin has to be fixed to fetch the middle name which it currently doesn't.
-
why not include the middle part as the complete last name?
That's what happens with many other names that have spaces , apostrophes or other punctuation in their last names.
-
-
On Cloudron side, because we have only one input box, we simplistically just split on space and use the first and last words as first and last name. The middle name is just never exposed via LDAP. Obviously, this will break in a variety of names on apps that use separate first and last names.
-
@girish then this will also give issues with people who has a double first name like Marie Therese van der Steen will be Marie Steen or double last names like Marie Therese van der Steen tot Oberndorff and that is also absolutely unacceptable.
Maybe the solution is simple: your code is trying to divide the first and last names. If you create only a First Name and Last Name field and migrate current users accoding to the current code. Then admins are able to correct all double first, lastnames and add middle names to lastnames?
btw: the names here are of course fiction but the names by itself do excist.
-
@imc67 while there is an issue in Cloudron with how it treats the names, I think what's actually needed is to fix the WP plugin. Practically none of the app require the first name and last name separated. Meaning, fixing the cloudron code may not actually fix your problem.
I did a quick check, the following apps will have trouble:
moodle-app
redmine-app
openproject-app
wordpress-managed
matomo-app
metabase-app
dolibarr-appJust going through the apps now to see if they support "middle name".
-
moodle - https://docs.moodle.org/401/en/LDAP_authentication#Data_Mapping no middle name support
redmine - https://www.redmine.org/projects/redmine/wiki/RedmineLDAP no middle name
openproject - cannot find a link but has no middle name support
metabase - https://www.metabase.com/docs/latest/configuring-metabase/environment-variables no middle name support
ok, I will stop here.
-
@imc67 Generally, if a software has first name and last name as separate input boxes, do you just skip the middle name? Or do you put the middle name along in the last name input box? I think we can arrive at some workaround based on your answer.
-
@girish the middle name can be added in front of the last name. But hen what about the second first name? You wrote the Cloudron code only takes the first word and the last word?
-
For further clarification Cloudron generally only takes a free form field for the name (basically firstname + lastname)
In LDAP this will be set as the
displayNamewhich is what most apps should use. But there are alsogivenName(firstname) andsn(surname) LDAP attributes, which we fill based on the first and the last word of that input field value. -
@nebulon said in Cloudron LDAP middle name not correctly propagated:
In LDAP this will be set as the displayName which is what most apps should use. But there are also givenName (firstname) and sn (surname) LDAP attributes, which we fill based on the first and the last word of that input field value.
If I've understood correctly what @imc67 is saying is why not:
- Keep givenName (firstname) as the first word, just as you have it
- Make sn (surname) all the rest of the words (not just the last word) to catch middle names and unhyphenated surnames with multiple words.
Sounds sensible to me. Is there a reason that wouldn't work?
-
@girish said in Cloudron LDAP middle name not correctly propagated:
Currently, we don't have first name and last name separate.
This would be also really nice in terms of privacy because I (and many others) don't want their full name exposed in certain apps and I had to come up with some workarounds in the past to ensure that.
-
Thanks for the input. I guess we have to have separate input boxes for first and last name in Cloudron to fix this. And also store them separately in the database instead of a single displayname field.
-
