Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-13639

User tokens not migrated if LDAP user ID case does not match login case

    XMLWordPrintable

    Details

      Description

      User token lookups in Nexus 3 from user ID to token are done using a case sensitive match.  This causes a problem after upgrading from Nexus 2.x to 3.x because Nexus 2.x uses the case a user logs in with when creating a token, and Nexus 3 uses the case of the ID stored in the LDAP server.

      Reproduce steps:

      1. Create an upper case LDAP user ID in an LDAP system.
      2. Map this user into roles in Nexus 2.x that allow access to user tokens
      3. Enable user token access in Nexus 2.x
      4. Log in as the LDAP user using a lower case login ID, and access the user token
      5. Upgrade to Nexus 3.4.0
      6. Log in as the LDAP user using a lower case login ID, and access the user token

       

      You will see that the token in Nexus 3 does not match the one in Nexus 2.

      Notes

      • LDAP user IDs are not case sensitive. This should be preserved in NXRM 3's behavior.
      • This will likely require an upgrade step that cleans up duplicate user tokens that only differ by case.
      • This problem may also affect default realm user ids.

        Attachments

          Activity

            People

            • Assignee:
              mpiggott Matthew Piggott
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Joe Tom
              Team:
              NXRM - Tron
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: