I already installed and configured Nextcloud and it ran smoothly.
To integrate with our running systems, we need to match it with our LDAP Server (and so far it is okay), but our LDAP usernames are case sensitive.
The username in LDAP is a special field designed to be case sensitive, for security.
I can log in using my user that is all in lowercase (e.g. example345), but it failed when using my user that has mixed case (e.g. ExAmple123).
From the log I noticed that Nextcloud converted the username from the login screen to lowercase (strtolower, I guess), so LDAP never finds the user.
I just need to disable the lower-casing at the login screen, so I can log in. Any help will be really appreciated.
Afaik, LDAP is always case-insensitive, even the RDNs are. Besides that, case sensitivity doesn’t give you any more security whatsoever. Better to operate in a known environment and to be aware of the dangers, than to lull yourself into a false sense of security.
[user_ldap] Warning: LDAP Login: Could not get user object for DN uniqueidentifier=cdmxy12@test.com,ou=mail,dc=test,dc=com. Maybe the LDAP entry has no set display name attribute?
From the log we can clearly see that my uniqueIdentifier is forced to lowercase (CDMxy12@test.com --> cdmxy12@test.com), while in my LDAP data, the uniqueIdentifier field is filled with ‘CDMxy12@test.com’, NOT ‘cdmxy12@test.com’.
If I added ‘cdmxy12@test.com’ in my LDAP uniqueidentifier field, of course I would be able to log in. But that’s not the solution, since we want the case-sensitive username.
I am using OpenLDAP. I think the problem lies in the Nextcloud settings, not the LDAP server, because we configured it to be case sensitive (for security). When I tested ‘CDMxy12@test.com’ in settings > LDAP/AD Integration > Login attributes, the result was user found…
With a little tweak you can make the field in LDAP case sensitive. A while back I also configured Roundcube to disable the lower-casing of the username and it worked.
I agree with you regarding the security problem, but well, it was an order from the higher-ups.
As I said - not a good and not even a standardized solution, since LDAP is lower case by definition. Now, you will have to tweak this file, if a new NC release changes it.
You should probably address this once more with “the board” - suggest to them to stick to RFC standards, instead of rolling their own. In the end standards are there for a reason.