[pbs-devel] [RFC PATCH proxmox-backup v2 14/15] api: add case-insensitive support for Active Directory realms
Lukas Wagner
l.wagner at proxmox.com
Mon Nov 27 10:57:03 CET 2023
On 8/16/23 16:47, Christoph Heiss wrote:
> To properly support case-insensitive comparison of user names,
> `CachedUserInfo` first needs to gain logic whether to look up the userid
> in a case-sensitive or -insensitive manner.
>
> The API part is pretty straight-forward, adding a new `case-sensitive`
> parameter to the API (which is on-by-default).
>
Mhmm, it seems this patch breaks user permissions if logging in as one
of the case-permutations of the original username.
Assuming you have a user 'test at ad-realm' (mapping to
'test at ad.example.com' on the AD server) and
the 'case-sensitive = false' in the AD realm settings,
you can login as 'Test at ad-realm' as well as 'test at ad-realm' -
however, if I give the 'test at ad-realm' user permissions for some
resources, e.g. a data store, the resource will not be accessible if I
log in as 'Test at ad-realm'.
--
- Lukas
More information about the pbs-devel
mailing list