Cloudron LDAP middle name not correctly propagated

imc67

Lately we got a new user who has a middle name like 'Jan van der Steen'.

I created the user and as always only have the "Full Name" field and filled in the full name 'Jan van der Steen'.

When this user logged into Wordpress it became 'Jan Steen' which is of course wrong. There I could change it and even after re-login it keeps it.

However: when this user logs into FreeScout it is also wrong but there if I change it to the correct version after re-login it is changed back to the wrong version.

Is it possible to split the "Full name" field in the mostly used "First name", "Middle name" and "Last name" and from then on propagate it correctly via LDAP to the various apps?

nebulon

Thanks for bringing that up. Currently we actually do not send any middlename at all over LDAP
https://git.cloudron.io/cloudron/box/-/blob/master/src/ldap.js#L163

I guess we have to add the middleName attribute as specified at https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/17876454-d2fa-43b5-8df4-df94721fb37f

Then we still have to figure out if apps also pick that up correctly.

girish

Currently, we don't have first name and last name separate. I guess we have to make database changes to make this happen. Something for 8.0 maybe?

girish

@imc67 said in Cloudron LDAP middle name not correctly propagated:

When this user logged into Wordpress it became 'Jan Steen' which is of course wrong. There I could change it and even after re-login it keeps it.

Actually, thinking a bit more, this is because the WP LDAP plugin specifically wants the first name and last name separate. Most apps don't want it this way. Maybe we can fix the WP plugin to not want the names separate. Even if we add middle name support, the WP plugin has to be fixed to fetch the middle name which it currently doesn't.

robi

why not include the middle part as the complete last name?

That's what happens with many other names that have spaces , apostrophes or other punctuation in their last names.

imc67

@robi @girish that’s what I do now manually in WP and FreeScout as there are no middle name fields too. So it becomes:

First name: Jan
Last name: van der Steen

girish

On Cloudron side, because we have only one input box, we simplistically just split on space and use the first and last words as first and last name. The middle name is just never exposed via LDAP. Obviously, this will break in a variety of names on apps that use separate first and last names.

imc67

@girish then this will also give issues with people who has a double first name like Marie Therese van der Steen will be Marie Steen or double last names like Marie Therese van der Steen tot Oberndorff and that is also absolutely unacceptable.

Maybe the solution is simple: your code is trying to divide the first and last names. If you create only a First Name and Last Name field and migrate current users accoding to the current code. Then admins are able to correct all double first, lastnames and add middle names to lastnames?

btw: the names here are of course fiction but the names by itself do excist.

girish

@imc67 while there is an issue in Cloudron with how it treats the names, I think what's actually needed is to fix the WP plugin. Practically none of the app require the first name and last name separated. Meaning, fixing the cloudron code may not actually fix your problem.

I did a quick check, the following apps will have trouble:

moodle-app
redmine-app
openproject-app
wordpress-managed
matomo-app
metabase-app
dolibarr-app

Just going through the apps now to see if they support "middle name".

girish

moodle - https://docs.moodle.org/401/en/LDAP_authentication#Data_Mapping no middle name support

redmine - https://www.redmine.org/projects/redmine/wiki/RedmineLDAP no middle name

openproject - cannot find a link but has no middle name support

metabase - https://www.metabase.com/docs/latest/configuring-metabase/environment-variables no middle name support

ok, I will stop here.

girish

@imc67 Generally, if a software has first name and last name as separate input boxes, do you just skip the middle name? Or do you put the middle name along in the last name input box? I think we can arrive at some workaround based on your answer.

imc67

@girish the middle name can be added in front of the last name. But hen what about the second first name? You wrote the Cloudron code only takes the first word and the last word?

nebulon

For further clarification Cloudron generally only takes a free form field for the name (basically firstname + lastname)

In LDAP this will be set as the displayName which is what most apps should use. But there are also givenName (firstname) and sn (surname) LDAP attributes, which we fill based on the first and the last word of that input field value.

jdaviescoates

@nebulon said in Cloudron LDAP middle name not correctly propagated:

In LDAP this will be set as the displayName which is what most apps should use. But there are also givenName (firstname) and sn (surname) LDAP attributes, which we fill based on the first and the last word of that input field value.

If I've understood correctly what @imc67 is saying is why not:

1. Keep givenName (firstname) as the first word, just as you have it
2. Make sn (surname) all the rest of the words (not just the last word) to catch middle names and unhyphenated surnames with multiple words.

Sounds sensible to me. Is there a reason that wouldn't work?

subven

@girish said in Cloudron LDAP middle name not correctly propagated:

Currently, we don't have first name and last name separate.

This would be also really nice in terms of privacy because I (and many others) don't want their full name exposed in certain apps and I had to come up with some workarounds in the past to ensure that.

girish

Thanks for the input. I guess we have to have separate input boxes for first and last name in Cloudron to fix this. And also store them separately in the database instead of a single displayname field.

imc67

@girish