LDAP Authentication Case Sensitive

I've recently enabled LDAP authentication and used the Kibana GUI to configure role mappings. Unfortunately, it appears usernames are case sensitive. So if I enter a role mapping for user example123, and the user enters Example123, login fails. Is there any way to remove case sensitivity?

There is not, though we have some ideas about how to solve it.

Strictly speaking in LDAP it's not guaranteed that example123 and Example123 are the same user (some LDAP attributes are case sensitive but others are not). For safety we assume they're a different user, but would like to make that configurable.

Not sure about LDAP as a protocol, and I know that Active Directory uses it, but Active Directory is case insensitive when it comes to sAMAccountName and UserPrincipalName. It seems like if someone is implementing an AD realm, then Elasticsearch should ignore case.

Alternatively, could it not be adjusted to be something like below?

  1. LDAP search for user
  2. If only one result, ignore case
  3. If multiple results, adhere to case as entered by the administrator
  4. If no match on case, fail authentication and log failure as multiple users, no case match

I'm by no means a developer, so there may be some (a lot) of ignorance on my part.

I DID notice that case was ignored when mapping to user groups and then tested and verified that case was also ignored if I matched on dn. That's fine, just gotta hope nobody moves user accounts around.
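The four-step lookup proposed earlier in the thread, as an added sketch (not part of the original posts and not Elasticsearch code). The directory list, mapping table and function names are hypothetical, and the LDAP search is simulated in memory.

```python
import logging

log = logging.getLogger("role_mapping_example")

# Constructed sample data (hypothetical): usernames present in the directory
# and role mappings exactly as an administrator typed them.
DIRECTORY = ["example123", "jsmith", "JSmith"]
ROLE_MAPPINGS = {"Example123": ["kibana_user"], "jsmith": ["superuser"]}


def search_directory(login, directory):
    """Step 1, simulated: case-insensitive search for the login name."""
    return [name for name in directory if name.casefold() == login.casefold()]


def resolve_roles(login, directory=DIRECTORY, mappings=ROLE_MAPPINGS):
    """Return the mapped roles, or None when authentication must fail."""
    matches = search_directory(login, directory)
    if not matches:
        log.warning("login %r: no such user", login)
        return None
    if len(matches) == 1:
        # Step 2: one directory entry, so compare mappings ignoring case.
        hits = [k for k in mappings if k.casefold() == login.casefold()]
        if len(hits) == 1:
            return mappings[hits[0]]
        if not hits:
            return []  # known user, no roles mapped
        # Mappings that differ only by case are ambiguous: fall through
        # to the exact comparison below.
    # Step 3: candidates differ only by case, so compare exactly.
    if login in mappings:
        return mappings[login]
    # Step 4: refuse rather than hand one user another user's roles.
    log.warning("login %r: multiple users or mappings, no case match", login)
    return None


if __name__ == "__main__":
    for attempt in ("EXAMPLE123", "jsmith", "JSMITH", "nobody"):
        print(attempt, "->", resolve_roles(attempt))
```

The `JSMITH` attempt is the case the safety argument above is about: two directory entries differ only by case, so the lookup fails instead of granting `superuser` to whichever entry happened to match.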
