8000 Existing accounts cannot be merged when the email address obtained from LDAP has uppercase characters. · Issue #81 · wekan/ldap · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Dec 22, 2024. It is now read-only.

Existing accounts cannot be merged when the email address obtained from LDAP has uppercase characters. #81

Open
njpaul opened this issue May 19, 2020 · 2 comments · Fixed by #82
Open

Existing accounts cannot be merged when the email address obtained from LDAP has uppercase characters. #81

njpaul opened this issue May 19, 2020 · 2 comments · Fixed by #82

Comments

@njpaul
Copy link
njpaul commented May 19, 2020

I've been asked to integrate Wekan with our company's Active Directory. I'm unable to merge existing users.

The error I am getting is

wekan_1    | [DEBUG] Identifying user with: objectGUID
wekan_1    | [INFO] Querying user
wekan_1    | [DEBUG] userQuery {
wekan_1    |   "services.ldap.id": "da4a9f103466e34baa9e40bd34280c29"
wekan_1    | }
wekan_1    | [DEBUG] userQuery {
wekan_1    |   "_id": "last.f",
wekan_1    |   "emails.0.address": "F.Last@xxxxxxx.com"
wekan_1    | }
wekan_1    | [INFO] No user exists with username "last.f"
wekan_1    | [DEBUG] userQuery {
wekan_1    |   "emails.0.address": "F.Last@xxxxxxx.com"
wekan_1    | }
wekan_1    | [INFO] User does not exist, creating "last.f"
wekan_1    | [DEBUG] Identifying user with: objectGUID
wekan_1    | [DEBUG] Identifying user with: objectGUID
wekan_1    | [DEBUG] New user data {
wekan_1    |   "username": "last.f",
wekan_1    |   "email": "F.Last@xxxxxxx.com"
wekan_1    | }
wekan_1    | [ERROR] Error creating user {
wekan_1    |   "isClientSafe": true,
wekan_1    |   "error": 403,
wekan_1    |   "reason": "Email already exists.",
wekan_1    |   "message": "Email already exists. [403]",
wekan_1    |   "errorType": "Meteor.Error"
wekan_1    | }

The user names are in the format <last>.<first initial>, and the email is <first initial>.<last>. The email addresses stored in Active Directory use uppercase letters for the first initial and the first letter of the last name. It turned out that this is an issue.

When non-LDAP users are created in Wekan, it appears the email address is converted to lowercase. When merging an LDAP account with an existing account, the email address is used to match the accounts. However, the email address retrieved from Active Directory is not converted to lowercase before calling Meteor.users.findOne. Since the match failed, Wekan attempts to create a new user, using the lowercase version of the email address, which fails because the email already exists.

I think all that's needed to fix this issue is to convert the email address to lowercase when creating the query that gets fed into Meteor.users.findOne.

To confirm this was the issue, I manually modified the database entry for an existing user's email address to make it match the case of the Active Directory entry. After doing that I was able to successfully login using the LDAP credentials, and the logs indicated the accounts were merged. This will be my workaround until the actual issue is fixed.

While tracing this issue I came across a very minor secondary issue. The log message log_info('No user exists with username', username, '- attempting to find by e-mail address instead'); is not fully written. The third argument, starting with - attempting..., is not written. That argument to log_info is lost since the underlying log function only accepts two arguments in addition to level.

My day is done, but I'll try to set up a development environment and fix the issues tomorrow, unless someone wants to beat me to it.
@xet7
Copy link
Member
xet7 commented May 19, 2020

@njpaul

You are welcome to send pull request. Some development info is here wekan/wekan#3071 (comment)

@njpaul njpaul mentioned this issue May 21, 2020
Merged
@xet7 xet7 closed this as completed in #82 Jun 26, 2024
@xet7 xet7 reopened this Jun 26, 2024
@xet7
Copy link
Member
xet7 commented Jun 26, 2024

Some problems: #82 (comment)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Convert email address obtained from LDAP to lowercase before comparin… njpaul/wekan-ldap
2 participants
@xet7 @njpaul
0