We have configured our system to use an external LDAP for authentication to the iChat server and have found the following issue.
After proper authentication (we can tell it is correct by looking at our LDAP logs, using Sun One 5.2p2), some users would not authorize. We found the issue: users who had their uid attribute in LDAP as uppercase would not work, whereas those with lowercase would.
dn: uid=XXX123,ou=people,ou=intranet,dc=somecompany,dc=com
…
…
uid: XXX123
would NOT work
dn: uid=XXX123,ou=people,ou=intranet,dc=somecompany,dc=com
…
…
uid: xxx123
would work.
The attribute type and data for uid is supposed to be case-insensitive, but the iChat server (and possibly others) does not treat it as such and fails authorization after authenticating.
We then just switched to using just OD and found the same issue. If the uid (or shortname) was in UPPER case it would not work, no matter if we entered the jabberid in upper or lower case…
Again, it shouldn't matter if the uid attribute value is upper or lower case (LDAP RFCs and even the OD Scheme they use); they should be treated as the same by all the LDAP RFCs… But iChat seems to convert whatever id you enter to lower case and then try to match that lowercase to whatever LDAP/OD returns.
Anyone else run into this issue?
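Added example, not part of the original post and not iChat's code: a small Python model of the reported behaviour (only the entered id is lowercased, then compared exactly) next to a comparison that normalizes both sides, as the caseIgnoreMatch rule defined for uid in RFC 4519 expects, plus a check listing the directory entries the faulty comparison can never match. The directory entries, function names and the simplified normalization are assumptions made for illustration.

```python
import unicodedata

# Constructed sample directory entries (not from a real server).
DIRECTORY = [
    {"dn": "uid=XXX123,ou=people,dc=example,dc=com", "uid": "XXX123"},
    {"dn": "uid=abc456,ou=people,dc=example,dc=com", "uid": "abc456"},
    {"dn": "uid=MixEd7,ou=people,dc=example,dc=com", "uid": "MixEd7"},
]


def case_ignore_key(value):
    """Simplified caseIgnoreMatch key: NFKC, case fold, collapse spaces.

    Approximation of the RFC 4518 string preparation, not a full implementation.
    """
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split())


def lowercase_then_exact(entered_id, directory):
    """Model of the behaviour described in the post: only the entered id
    is lowercased, then compared byte-for-byte with the stored uid."""
    wanted = entered_id.lower()
    return [e["dn"] for e in directory if e["uid"] == wanted]


def case_ignore_lookup(entered_id, directory):
    """Normalize both the entered id and the stored uid before comparing."""
    wanted = case_ignore_key(entered_id)
    return [e["dn"] for e in directory if case_ignore_key(e["uid"]) == wanted]


def affected_uids(directory):
    """Stored uids that can never match under lowercase_then_exact."""
    return [e["uid"] for e in directory if e["uid"] != e["uid"].lower()]


if __name__ == "__main__":
    for entered in ("XXX123", "xxx123", "ABC456"):
        print(entered,
              "faulty:", lowercase_then_exact(entered, DIRECTORY),
              "case-ignore:", case_ignore_lookup(entered, DIRECTORY))
    print("entries affected by the faulty match:", affected_uids(DIRECTORY))
```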