I'm also having this problem, but let me add some additional information. I entered this as AR-1191. I'd appreciate some help on this problem, because this is pretty much of a showstopper for us here in our Alfresco eval.

First of all, I'm synching the user/group data with an Active Directory. That works great, everything comes over. Further, anyone so synched can log in to Alfresco. Also, I'm using LDAP & NTLM authentication against the Active Directory.

However, users with mixed-case userids are unable to access resources in the ways specified in ACLs created for them. This includes, for example, their own home space, of which they are supposed to be the owner, as well as other spaces where explicit ACLs are set up for them. Other users (all lowercase userids) do not experience this issue.

I also tried changing the
user.name.caseSensitive=false
to
user.name.caseSensitive=true
and also verified that the database is set to collate with case-sensitivity.

This resulted in some bizarre behavior: If one of these mixed-case IDs logs in, they get no error messages, and it appears that they can use their home space. However, when they try to access other spaces to which they have been explicitly granted permissions, they are unable to perform any actions granted to them. Guess why? When they logged in lowercase, a new userid is created for them, the lowercase version of their mixed-case ID, and a new home space is created for them. So there are two problems. Even though case-sensitive userids are enabled:

1) the authenticator lets them through when they log in in lowercase.
2) even when they log in "correctly" with their mixed-case ID, the system authenticates them, but then creates a new lowercase ID for them and a new home space.

Therefore, I agree with the original poster in http://issues.alfresco.com/browse/AR-587: Converting the userid to lowercase is a loss of information and subsequently causes problems, namely, that authentication AND authorization are broken. Andy's comment and closure of that bug seem to be premature, since obviously the mixed-case ID is being lost, not stored. You can even see this where it prints the logged-in userid next to the "Log out" link at the top right–it's the lowercase version of the ID, regardless of how you logged in initially.

This is a problem, since in our environment, most people use IE. This means that they are automatically logged in to Alfresco. Since I can't expect people to change how they login to their Windows workstations, nor can I require all userids to be created in lowercase, users are going to get stuck, and they're not going to understand why. I barely do, as a matter of fact.

Note that this behavior occurs whether I'm using IE or Firefox, and whether I'm using Windows or Linux.

I might add that there are other weird issues around LDAP & NTLM.
For example, even though the following is specified in ldap-authentication-context.xml:
<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
    <property name="allowDeleteUser">
        <value>true</value>
    </property>
</bean>
you cannot delete users using the administration console–usually. Sometimes, if you shut down the server, and wait just the right amount of time before starting it back up, you can sneak in there and delete users. But not always. To me that's another bug.

Also, sometimes the "Logout" link takes you to a screen that says "Re-login to Alfresco", whereas other times, it takes you to a screen that prompts you to enter your username and password. The "Re-login" link never allows you to enter a new username, which is a pain for testing this kind of stuff.
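
An added example, not part of the original post and not Alfresco code: a toy model of the mismatch described above, where the ID is lowercased at login while the person record and ACLs are keyed on the directory's mixed-case ID. The `Repo` class, the `login_lowercases` switch, the sample ID `JSmith` and the space name are constructed for illustration; `case_collisions` is an audit check for stored IDs that differ only by case.

```python
from collections import defaultdict

class Repo:
    """Toy identity store; models the reported behaviour, not Alfresco internals."""
    def __init__(self, case_sensitive, login_lowercases):
        self.case_sensitive = case_sensitive      # stands in for user.name.caseSensitive
        self.login_lowercases = login_lowercases  # assumed authenticator behaviour
        self.people = {}                          # stored id -> home space
        self.acls = defaultdict(dict)             # space -> {stored id: permission}

    def _key(self, user_id):
        # Lookup key: folded only when the store is case-insensitive.
        return user_id if self.case_sensitive else user_id.casefold()

    def sync(self, directory_id):
        self.people[self._key(directory_id)] = "home/" + directory_id

    def grant(self, space, user_id, permission):
        self.acls[space][self._key(user_id)] = permission

    def login(self, presented_id):
        uid = presented_id.lower() if self.login_lowercases else presented_id
        key = self._key(uid)
        created = key not in self.people
        if created:                               # auto-provision on first login
            self.people[key] = "home/" + uid
        return key, created

    def permission(self, space, session_id):
        return self.acls.get(space, {}).get(session_id)

def case_collisions(ids):
    """Audit check: groups of stored ids that differ only by case."""
    groups = defaultdict(list)
    for i in ids:
        groups[i.casefold()].append(i)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def scenario(case_sensitive, login_lowercases):
    repo = Repo(case_sensitive, login_lowercases)
    repo.sync("JSmith")                           # constructed sample directory id
    repo.grant("projects/alpha", "JSmith", "Editor")
    session_id, created = repo.login("JSmith")
    return {"session_id": session_id, "shadow_account": created,
            "permission": repo.permission("projects/alpha", session_id),
            "collisions": case_collisions(repo.people)}

if __name__ == "__main__":
    print("mismatched:", scenario(case_sensitive=True, login_lowercases=True))
    print("consistent:", scenario(case_sensitive=False, login_lowercases=True))
```

In the mismatched run the session is bound to a freshly created `jsmith` with no ACL entries, and the collision check reports the `JSmith`/`jsmith` pair; when the same folding rule is applied at sync, grant and login, the grant resolves and no second account appears.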