Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-14775

LDAP group membership matching should be case insensitive by default

    Details

    • Type: Improvement
    • Status: New
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0, 2.14.4
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels:
      None
    • Notability:
      4

      Description

      LDAP group membership matching is case-sensitive inside Nexus Repository Manager. In rare cases some LDAP servers systems may enforce group matching case-sensitively, but by default DN and attribute matching is case-insensitive:

      https://stackoverflow.com/questions/29897684/is-ldap-dn-case-insensitive

      This issue is to acknowledge the application default matching algorithm and provide a vehicle to gather user feedback if change the default is warranted/desired by users.

      Changing the default matching could conceivably result in a security escalation in rare circumstances, so such a change could require a major version bump of product.

      The IQ Server also appears to match case sensitively on group membership as well, so both server product defaults are consistent to my knowledge.

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Mahendra Surani Mahendra Surani
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title