danmunn / redmine_dmsf

Fork of svn repository for redmine_dmsf
GNU General Public License v2.0

WebDAV / LDAP-User errors #1528

Closed BeateLerch closed 1 week ago

BeateLerch commented 1 week ago

Hi, when an LDAP-authenticated user tries to open a MSOffice-Document via webDAV, it will result in an error "ERROR -- : Digest authentication method expected got bearer" or just "ERROR -- : Digest authentication: digest response is incorrect". A locally defined user (admin) will not have that issue. Have you any idea why this might be so?

Here is my configuration:

thanks, Beate

picman commented 1 week ago
  1. What is in logs/production.log?
  2. Do they have their DMSF WebDAV digest generated in their account?

BeateLerch commented 1 week ago

Hello Karel,

thanks for investigating. Here is the log. First, I tried to access a document created by admin, then uploaded one as myself (BL8) and tried to access that. After re-checking my user account (just to be sure) I went and did a webdav-listing. First as myself, then as admin.

Regards, Beate

From: Karel Pičman @.> Sent: Thursday, 27 June 2024 17:15 To: danmunn/redmine_dmsf @.> Cc: Lerch, Beate @.>; Author @.> Subject: Re: [danmunn/redmine_dmsf] WebDAV / LDAP-User errors (Issue #1528)

  1. What is in logs/production.log?
  2. Do they have their DMSF WebDAV digest generated in their account?


BeateLerch commented 1 week ago

Hello Karel,

after reviewing the database tables I just had a hunch – and tried authenticating via webDAV with uppercase writing of my username as it is written in the database. And voila – I can access the document. So, the problem seems to be that while redmine itself is not case sensitive about usernames, dmsf-webDAV obviously is.

Since case sensitivity in usernames is quite unusual in itself and additionally different from the behavior of the main system, please accept this as a bug.

Thanks again, Beate

picman commented 1 week ago

It seems to be a feature of the digest authentication as the client calculates the hash from entered login and password. On the server side you have user's hash stored in the database. The stored hash was generated using user's login and password. When an authentication is required, these two hashes are compared. If the logins differ, the hashes differ too and the authentication fails. I don't see any solution how to implement digest authentication case insensitive.
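The mismatch described in the comment above, worked through as an added example (not part of the original thread and not the plugin's code). It uses the RFC 2617 digest formulas without qop and shows that even a case-insensitive user lookup on the server cannot make `bl8` match a hash stored for `BL8`. The realm, password, nonce and URI are constructed; `BL8` is the login mentioned in the thread.

```ruby
require 'digest/md5'

REALM = 'example-realm' # constructed value, not the plugin's actual realm

# HA1 per RFC 2617: the login is hashed together with realm and password.
def ha1(login, realm, password)
  Digest::MD5.hexdigest("#{login}:#{realm}:#{password}")
end

# Digest response without qop: MD5(HA1:nonce:MD5(method:uri)).
def digest_response(ha1_hex, nonce, http_method, uri)
  ha2 = Digest::MD5.hexdigest("#{http_method}:#{uri}")
  Digest::MD5.hexdigest("#{ha1_hex}:#{nonce}:#{ha2}")
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: only HA1 is stored, computed once from the login as it is
# written in the database. The password itself is not available later.
STORED = { 'BL8' => ha1('BL8', REALM, 'constructed-password') }.freeze

# The lookup is deliberately case-insensitive to show it does not help:
# the stored HA1 already has the exact spelling of the login baked in.
def server_accepts?(sent_login, sent_response, nonce, http_method, uri)
  _, stored_ha1 = STORED.find { |login, _| login.casecmp?(sent_login) }
  return false unless stored_ha1
  secure_equal?(digest_response(stored_ha1, nonce, http_method, uri), sent_response)
end

# Client side: everything is derived from what the user typed.
def client_response(typed_login, password, nonce, http_method, uri)
  digest_response(ha1(typed_login, REALM, password), nonce, http_method, uri)
end

if __FILE__ == $PROGRAM_NAME
  nonce = 'constructed-nonce'
  uri = '/webdav/doc.docx' # constructed path
  %w[BL8 bl8].each do |typed|
    resp = client_response(typed, 'constructed-password', nonce, 'GET', uri)
    puts "#{typed}: accepted=#{server_accepts?(typed, resp, nonce, 'GET', uri)}"
  end
end
```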

picman commented 1 week ago

I've mentioned that in the help. If anybody comes with a solution, I will reopen it.