This question about Authentication or Authorisation: Answered

mangled WikiName from LDAP

Hello,

I am using Foswiki 1.0.9 on Debian Lenny x86_64 as installed from

http://fosiki.com/Foswiki_debian/ stable main contrib

I also have foswiki-ldapcontrib version 091118-207 installed, again from the Debian stable repository.

My goal is to have a user authenticate to Apache and have REMOTE_USER set and for that value in REMOTE_USER to be used to look up the WikiName in LDAP for the user. At this time REMOTE_USER is equal to the WikiName that I want used, but that may not always be true.

I am using

  • $Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::LdapApacheLogin';
I have verified that Apache is setting REMOTE_USER to ScottKoranda when I authenticate and gain access to my Foswiki installation.

I also have set the following:

  • $Foswiki::cfg{Ldap}{LoginAttribute} = 'x-LIGO-TWikiName';
  • $Foswiki::cfg{Ldap}{WikiNameAttribute} = 'x-LIGO-TWikiName';
  • $Foswiki::cfg{Ldap}{NormalizeWikiNames} = 0;
  • $Foswiki::cfg{Ldap}{NormalizeLoginNames} = 0;
In LDAP I have this for my record:

dn: employeeNumber=882,ou=people,dc=ligo,dc=org
 employeeNumber=882
 givenName: Scott
 sn: Koranda
 x-LIGO-TWikiName: ScottKoranda

So I expect Foswiki to show "Hello ScottKoranda" when I access the wiki. But instead I see "Hello Scottkoranda".

Why is ScottKoranda being mangled to Scottkoranda and how can I stop it?

ANSWER

The code in LdapContrib.pm in a number of places calls lc to send the login name to lowercase, i.e.

$login = lc($login);

There is also a place in the subroutine normalizeWikiName where this code is called:

my $wikiName = '';
  foreach my $part (split(/[^$Foswiki::regex{mixedAlphaNum}]/, $name)) {
    $wikiName .= ucfirst(lc($part));
  }

  return $wikiName;

I do not understand why this is done. I don't believe it to be any type of LDAP best practice.

I commented out the calls to lc and in normalizeWikiName I just set

$wikiName = $name;

and it works the way I need it to work now.

-- ScottKoranda


You above patch seems to makes normalizing wikinames a null operation, doesn't it. The same effect could be achieved by disabling $Foswiki::cfg{Ldap}{NormalizeWikiNames}

-- MichaelDaum - 06 Sep 2010


I did already have $Foswiki::cfg{Ldap}{NormalizeWikiNames}=0.

There are places in LdapContrib.pm where the lowercase is applied even though normalization is switched off. For example in the subroutine cacheUserFromEntry there is this code:

  require Unicode::MapUTF8;
  $loginName = lc($loginName);
  $loginName = Unicode::MapUTF8::from_utf8(-string=>$loginName, -charset=>$Foswiki::cfg{Site}{CharSet})
    unless $Foswiki::cfg{Site}{CharSet} =~ /^utf-?8$/i;

  if ($this->{normalizeLoginName}) {
    $loginName = $this->normalizeLoginName($loginName);
  }

So even though normalizeLoginName is false the lc is called once.

So I found that I did have to edit the code directly to remove the calls to lc.

Thanks,

-- ScottKoranda - 06 Sep 2010

QuestionForm edit

Subject Authentication or Authorisation
Extension LdapContrib
Version Foswiki 1.0.9
Status Answered
Topic revision: r4 - 06 Sep 2010, ScottKoranda - This page was cached on 10 Jan 2018 - 07:16.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License