tapis-project / authenticator

BSD 3-Clause "New" or "Revised" License

Update authenticator to check case of username for TACC LDAP #69

Closed joestubbs closed 1 month ago

joestubbs commented 2 months ago

DNs in the TACC LDAP are case insensitive, meaning that the usernames "jstubbs" and "JSTUBBS" are equivalent for the purposes of a bind. This means that a user can enter different usernames that are the same up to lowercase() and generate JWTs with different subjects. We should add a check for all tenants using the TACC LDAP that rejects any bind attempt for usernames that contain non-lowercase letters.

joestubbs commented 2 months ago

Note that this behavior is present on all other LDAPs, including dev, irec, vdj, etc. We will update the behavior as above for all LDAPs.
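
An added example (not code from the authenticator project) of the pre-bind check proposed in this issue, run against a constructed stand-in for a case-insensitive LDAP. The function and class names are hypothetical, and the example assumes the JWT subject is the username exactly as the user typed it.

```python
class UsernameCaseError(ValueError):
    """Raised before any LDAP bind when the username is not all lowercase."""


def require_lowercase_username(username: str) -> str:
    # Compare against lower() rather than calling islower(): islower() is False
    # for strings with no cased characters, so "12345" would be wrongly rejected.
    if not username or username != username.lower():
        raise UsernameCaseError("username must not contain non-lowercase letters")
    return username


class FakeCaseInsensitiveDirectory:
    """Constructed stand-in for an LDAP server whose DNs match case-insensitively."""

    def __init__(self, accounts):
        self._accounts = {u.lower(): p for u, p in accounts.items()}

    def bind(self, username, password):
        return self._accounts.get(username.lower()) == password


def authenticate(directory, username, password, enforce_case=True):
    """Return the JWT subject to issue, or None if the bind fails."""
    if enforce_case:
        require_lowercase_username(username)
    # Assumption: the subject is the username as typed, which is why case matters.
    return username if directory.bind(username, password) else None


def subjects_issued(directory, attempts, enforce_case):
    """Collect the distinct subjects that would end up in issued tokens."""
    subjects = set()
    for username, password in attempts:
        try:
            subject = authenticate(directory, username, password, enforce_case)
        except UsernameCaseError:
            continue  # rejected before any bind was attempted
        if subject is not None:
            subjects.add(subject)
    return subjects


# Constructed sample data: one account, three spellings of the same username.
DIRECTORY = FakeCaseInsensitiveDirectory({"jstubbs": "constructed-password"})
ATTEMPTS = [(u, "constructed-password") for u in ("jstubbs", "JSTUBBS", "JStubbs")]

if __name__ == "__main__":
    print("without check:", sorted(subjects_issued(DIRECTORY, ATTEMPTS, False)))
    print("with check:   ", sorted(subjects_issued(DIRECTORY, ATTEMPTS, True)))
```

Without the check, one directory account yields three distinct token subjects; with it, only the lowercase spelling reaches the bind.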

joestubbs commented 1 month ago

Released as part of 1.6.1