Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.4.0, 3.15.2
-
Fix Version/s: 3.16.0
-
Component/s: LDAP, Migration, User Token
-
Labels:
-
Story Points:3
-
Epic Link:
Description
User token lookups in Nexus 3 from user ID to token are done using a case sensitive match. This causes a problem after upgrading from Nexus 2.x to 3.x because Nexus 2.x uses the case a user logs in with when creating a token, and Nexus 3 uses the case of the ID stored in the LDAP server.
Reproduce steps:
- Create an upper case LDAP user ID in an LDAP system.
- Map this user into roles in Nexus 2.x that allow access to user tokens
- Enable user token access in Nexus 2.x
- Log in as the LDAP user using a lower case login ID, and access the user token
- Upgrade to Nexus 3.4.0
- Log in as the LDAP user using a lower case login ID, and access the user token
You will see that the token in Nexus 3 does not match the one in Nexus 2.
Notes
- LDAP user IDs are not case sensitive. This should be preserved in NXRM 3's behavior.
- This will likely require an upgrade step that cleans up duplicate user tokens that only differ by case.
- This problem may also affect default realm user ids.