#4150 [HHQ-3902] LDAP case insensitive authentication may lead to

[Hyperic Team]

http://jira.hyperic.com/browse/HHQ-3902


Adapted this bug report from the RHQ project: http://jira.rhq-project.org/browse/RHQ-2281

LDAP authentication may be case insensitive whereas HQ usernames are case sensitive. So, a single LDAP username, say 'user1' may pass a login check for 'user1', 'User1', 'USER1', etc. But, each of these variations will look like a different user to HQ and each will ask to be registered separately upon successful LDAP authentication.

Perhaps for LDAP we should allow only one case-specific entry. Meaning, if we invoke LDAP authentication, and it succeeds, check the HQ db for the username in a case-insensitive way. If there is a match, change the entered username to the existing entry and continue with the session.