Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to override the default security ACL to make it case-insensitive to the username ?

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ

‎11-01-2011 05:17 AM

We have a messy AD where not all email addresses are in lower case. Some are capitalized and some are not. Because of this, a user may login with USer@acme.com or user@acme.com . I see in the ACLS table that the permissions are stored both ways, depending on how the user was logged in at the time the documents were created.

So, because of this, sometimes a user doesn't have access to basic functionality like edit it's own profile or access the personal workspace.

0 Kudos
1 ACCEPTED ANSWER

Go to answer
Olivier_Grisel
Star Contributor
Star Contributor

‎11-01-2011 06:38 AM

Since Nuxeo 5.4.2, you can force the id case of the directory entries to "lower" or "upper" in the LDAPDirectory configuration with: <idCase>lower</idCase> for instance. The default value for that parameter is "unchanged".

That should fix your issue without having to mess with the ACL system. Nuxeo principal ids are must be unique, not only for the ACL system but also for looking up documents by creator id for instance.

View answer in original post

10 REPLIES 10

Go to answer
Olivier_Grisel
Star Contributor
Star Contributor

‎11-01-2011 06:38 AM

Since Nuxeo 5.4.2, you can force the id case of the directory entries to "lower" or "upper" in the LDAPDirectory configuration with: <idCase>lower</idCase> for instance. The default value for that parameter is "unchanged".

That should fix your issue without having to mess with the ACL system. Nuxeo principal ids are must be unique, not only for the ACL system but also for looking up documents by creator id for instance.

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ
In response to Olivier_Grisel

‎11-01-2011 10:54 AM

It would be great if it would work like that, but it doesn't.

0 Kudos

Go to answer
Olivier_Grisel
Star Contributor
Star Contributor
In response to Olivier_Grisel

‎11-01-2011 11:50 AM

I don't see the issue, if you do the change on the LDAPDirectory configuration, the SQLDirectory will naturally fill in it's entries with lowercase ids only.

0 Kudos

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ
In response to Olivier_Grisel

‎11-01-2011 12:20 PM

I've cleared the data folder so I have clean data.

0 Kudos

Go to answer
Olivier_Grisel
Star Contributor
Star Contributor
In response to Olivier_Grisel

‎11-01-2011 12:38 PM

Alright I think we can say that this qualifies as a bug. Can you please open a jira issue? I think we should make the SQLDirectory and / or MultiDirectory able to handle the idCase param as well to make them behave consistently.

0 Kudos

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ
In response to Olivier_Grisel

‎11-02-2011 04:26 AM

I already tried that but I have contributed a extension to the UserManager overriding the makePrincipal method, but the id is null at that point.

0 Kudos

Go to answer
Olivier_Grisel
Star Contributor
Star Contributor
In response to Olivier_Grisel

‎11-02-2011 06:14 AM

Indeed overriding makePrincipal is useless since the user entry is already fetched from the user directory when this method is called. Override getPrincipal as I said previously instead

0 Kudos

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ
In response to Olivier_Grisel

‎11-02-2011 06:25 AM

Also I have entered support ticket SUPNXP-4618 for the same.

0 Kudos

Go to answer
fast_narcis_
Confirmed Champ
Confirmed Champ
In response to Olivier_Grisel

‎11-02-2011 08:00 AM

It worked like this

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC