Case insensitive username

Alan DeKok aland at deployingradius.com
Fri May 13 13:49:30 UTC 2022


On May 13, 2022, at 9:44 AM, Simon Dankau <SDankau at rf-computer.de> wrote:
>>  So... how are the user names stored in LDAP?  Lowercase?
> 
> Our users are categorized in 3 different groups. The usernames of those groups look like this:
> 
> username student :       1234567 (a student's unique ID)
> username teacher:        ABCD
> username employee:    t.surname

  I'm presuming that they're in different DNs?  Or they're in different groups?  You need a way to differentiate them.

> I found the right solution to my problem.
> 
> My thoughts on this were that it would be hard to get right because we differentiate between 3 to 4 groups with different upper and lower case. After understanding more and more with the authentication and authorization and when and where username changes affect freeradius I found the right spot to use tolower and toupper. We just had to implement one single change in our configuration.....
> 
> The change that was needed is in our server configuration. I just had to add tolower to our teachers group in the ldap search and toupper for our employees.
> 
> So the LDAP search looks like this now: 
> elsif("%{ldap:ldap:///dc=my,dc=bkrnet,dc=de?cn?sub?(&(memberUid=%{toupper:%{User-Name}})(cn=lehrer-bkrheine))}") {
> 		 update reply {
>                     .... }

  That's reasonable.  It also shows that even though FreeRADIUS can be difficult at times, it lets you do pretty much whatever you want.

> After testing this configuration our user TEST can be written test, Test and so on. It always comes out as TEST and gets access to our radius wifi.

  That's good to hear.

> I'll have to thank you for bringing me on the right track and for your time and suggestions.

  You're welcome.

  Alan DeKok.
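
The per-group case folding discussed in this thread, as an added Python example that is not part of the original messages and is not FreeRADIUS code. It models the if/elsif chain of group checks: the name is folded per group, then compared case-exactly against stored memberUid values. The group `example-staff`, the `DIRECTORY` contents and all function names are assumptions made for illustration; only `cn=lehrer-bkrheine` with upper-casing comes from the thread.

```python
"""Per-group case folding before a case-exact memberUid match (constructed data)."""

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is treated as a literal inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# Evaluated in order, like the if / elsif chain in the server configuration.
# "lehrer-bkrheine" with upper-casing is from the thread; the second rule
# and its group name are hypothetical.
GROUP_RULES = [
    ("lehrer-bkrheine", str.upper),
    ("example-staff", str.lower),
]

# Constructed directory: group cn -> memberUid values exactly as stored.
DIRECTORY = {
    "lehrer-bkrheine": {"TEST", "ABCD"},
    "example-staff": {"t.surname"},
}


def group_filter(user_name, group_cn, fold):
    """Build the search filter for one group from the folded, escaped name."""
    uid = escape_filter_value(fold(user_name))
    return "(&(memberUid=%s)(cn=%s))" % (uid, escape_filter_value(group_cn))


def first_matching_group(user_name):
    """Return (group cn, filter) for the first group whose stored memberUid
    equals the folded name, or (None, None) if no group matches."""
    for group_cn, fold in GROUP_RULES:
        if fold(user_name) in DIRECTORY.get(group_cn, set()):
            return group_cn, group_filter(user_name, group_cn, fold)
    return None, None


if __name__ == "__main__":
    # Constructed sample logins in mixed case.
    for name in ("test", "Test", "TEST", "T.Surname", "te*"):
        print(name, first_matching_group(name))
```

Because folding happens per group, a name is only ever compared in the case that group stores, and the order of `GROUP_RULES` decides which group wins if a folded name could match more than one.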


