Hypertopic / LaSuli

Social annotation for qualitative analysis
https://hypertopic.org/lasuli
GNU General Public License v3.0

Any password should be usable for the annotation service #87

Open benel opened 4 years ago

benel commented 4 years ago

Among 130 students, 2 of them were unable to log in to Argos through LaSuli, whereas they succeeded in Cassandre.

Because the authentication settings are exactly the same on Argos and Cassandre, and because of the scarcity of the bug, I suspect that password encoding is not robust enough in LaSuli (contrary to Cassandre).

@christophe-lejeune Do you remember a similar bug you fixed in Cassandre?

christophe-lejeune commented 4 years ago

I have recently restored one old rule in the Cassandre code that forces usernames (not passwords, of course) to be lowercase (i.e. usernames are converted to lowercase, whatever the user fills in the username field). Passwords remain untouched.

The reason for this rule was that our software (Cassandre + AAAforREST + LDAP) allows users to register with their username even if they submit it with a mix of lowercase and uppercase (this is the case, in particular, for people using phones or tablets). I realized later that one username may create two (or more) different identities (one for each mix of lowercase and uppercase of the same username). Perhaps you are facing a similar problem (?).

I have to mention that, last year, I also faced a problem with one and only one user, reporting that he was unable to log in to Cassandre. However, given that this student was not sure of his own password, and because he did not stop to change his password (in order to solve the problem), I decided to ignore the problem (assuming that it was not coming from the software itself).

benel commented 4 years ago

I see that Cassandre uses serialize from jQuery, which does URI encoding.

In contrast, LaSuli gets the value untouched.

benel commented 4 years ago

I will add password URI encoding in the next release of LaSuli. Thanks for your help :)

benel commented 3 years ago

It seems that the problem still exists (maybe with + or &). The issue needs further investigation.
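The difference discussed above between jQuery's serialize() and sending the value "untouched" can be reproduced offline. The following is an added example, not code from LaSuli, Cassandre or AAAforREST; it assumes the login request body is sent as application/x-www-form-urlencoded (which is what serialize() produces) and that the server parses it with a standard form parser, here modelled with URLSearchParams. The credentials are constructed for the demonstration. It shows why passwords containing '+', '&', '=' or '%' are exactly the ones that fail when concatenated raw.

```javascript
// Added example (not LaSuli/Cassandre code): how an unencoded password is
// corrupted in an application/x-www-form-urlencoded body, and how proper
// encoding makes it survive the round trip to the server.

// Encode the way a browser form submission or jQuery's serialize() does:
// each name and value percent-encoded, with spaces sent as '+'.
function formEncode(fields) {
  return Object.entries(fields)
    .map(([k, v]) =>
      encodeURIComponent(k) + '=' + encodeURIComponent(v).replace(/%20/g, '+'))
    .join('&');
}

// Build the body by raw concatenation, i.e. the value sent "untouched".
function rawEncode(fields) {
  return Object.entries(fields).map(([k, v]) => k + '=' + v).join('&');
}

// What a standard form-urlencoded parser on the server side extracts as
// the password: split on '&' and '=', turn '+' into a space, then
// percent-decode. URLSearchParams implements exactly that algorithm.
// Assumed user name 'alice' is a constructed sample value.
function serverSeesPassword(password, encoder) {
  const body = encoder({ name: 'alice', password });
  return new URLSearchParams(body).get('password');
}

// Constructed sample passwords, each containing a character that has a
// special meaning in a form body.
const SAMPLES = ['a+b', 'a&b', 'a=b', '%41', 'p&ss=w+rd 100%'];

// Returns true when the server recovers the password unchanged.
function survivesRoundTrip(password, encoder) {
  return serverSeesPassword(password, encoder) === password;
}

for (const pw of SAMPLES) {
  console.log(
    JSON.stringify(pw),
    'raw ->', JSON.stringify(serverSeesPassword(pw, rawEncode)),
    '| encoded ->', JSON.stringify(serverSeesPassword(pw, formEncode)));
}
```

The raw body for 'a+b' arrives as 'a b' because '+' is the form encoding of a space, 'a&b' is truncated to 'a' because '&' starts a new field, and '%41' is percent-decoded to 'A'. With formEncode every sample is recovered intact. The fix has to be applied exactly once on the client: encoding a value that is already encoded turns '%' into '%25' and produces a different, equally wrong, password on the server.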