Is bottin case insensitive? Is it required by LDAP? #7

Open
opened 2021-08-18 06:41:19 +00:00 by quentin · 2 comments
Owner

My questions come from the following remark:

> I saw a bug on the riot.deuxfleurs login page: if I enter my username with uppercase letters, I get a message like "your session has expired", and the page freezes. If you think it's worth reporting and you know the appropriate channel, I'd be happy for you to point me to that channel ;-)

I can reproduce this behavior:

![Error message](https://git.deuxfleurs.fr/attachments/3d8dc4ef-a329-4ce0-bd97-c7a4f58d51c2)

This behavior looks like bottin authorized the connection through the uppercase login but then Matrix crashed because the account does not exist. I would say bottin is case insensitive and matrix case sensitive. Or the opposite.

We should at least investigate.

Owner

Bottin is mostly case insensitive, but maybe at the wrong places. I think the question is whether a full DN such as `cn=quentin,ou=users,dc=deuxfleurs,dc=fr` should be matched case-sensitively or not. Since matching is case-insensitive almost everywhere (attribute names, searching in values) it doesn't seem very logical that we make this specific aspect case-sensitive, but if that's in the LDAP spec maybe we should. In all cases I think we should target compliance with the official LDAP specification here.

quentin added the bug label 2021-09-17 15:23:03 +00:00
Author
Owner

LDAP seems to be mostly case INsensitive.
https://ldapwiki.com/wiki/Case-sensitive

I keep this issue open as it might be interesting to still act.
Maybe the next step should be to open an issue on synapse ldap module.
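
Added example, not part of the thread and not bottin's code: a simplified Go sketch of comparing two DNs the way the thread describes, with attribute types and values matched case-insensitively (cn, ou and dc are defined with case-ignore equality rules in RFC 4519). It assumes single-valued RDNs with string values and keeps escape sequences verbatim; the function names and sample DNs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitUnescaped splits s on sep, skipping separators escaped with a backslash.
func splitUnescaped(s string, sep byte) []string {
	var parts []string
	start := 0
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' {
			i++ // the next byte is escaped, never a separator
		} else if s[i] == sep {
			parts = append(parts, s[start:i])
			start = i + 1
		}
	}
	return append(parts, s[start:])
}

// NormalizeDN builds a comparison key: types and values are lowercased and
// spaces trimmed or collapsed. ToLower only approximates LDAP case folding.
func NormalizeDN(dn string) (string, error) {
	var out []string
	for _, rdn := range splitUnescaped(dn, ',') {
		kv := strings.SplitN(rdn, "=", 2)
		if len(kv) != 2 || strings.TrimSpace(kv[0]) == "" {
			return "", errors.New("malformed RDN: " + rdn)
		}
		typ := strings.ToLower(strings.TrimSpace(kv[0]))
		val := strings.ToLower(strings.Join(strings.Fields(kv[1]), " "))
		out = append(out, typ+"="+val)
	}
	return strings.Join(out, ","), nil
}

// SameEntry reports whether two DNs name the same entry under case-ignore matching.
func SameEntry(a, b string) bool {
	na, errA := NormalizeDN(a)
	nb, errB := NormalizeDN(b)
	return errA == nil && errB == nil && na == nb
}

func main() {
	fmt.Println(SameEntry("CN=Quentin, ou=Users,DC=deuxfleurs,dc=fr", "cn=quentin,ou=users,dc=deuxfleurs,dc=fr")) // constructed inputs
}
```

A service that keeps its own case-sensitive account names can key them on the normalized form, or on the DN as returned by the directory, rather than on the login as typed.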

Reference: Deuxfleurs/bottin#7