Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migration: VPN accounts not visible if username contains uppercase letters #966

Closed
gsanchietti opened this issue Dec 10, 2024 · 4 comments
Closed

Migration: VPN accounts not visible if username contains uppercase letters #966

gsanchietti opened this issue Dec 10, 2024 · 4 comments
Labels
verified All test cases were verified successfully
Milestone
NethSecurity 8.4

Comments

@gsanchietti
Copy link
Member

Steps to reproduce

  1. Start with a NethServer 7.9 connected to an external Active directory, where VPN user accounts are correctly recognized and displayed with profiles in lowercase.
  2. Perform a migration to NethServer 8.
  3. List the users in the remote database with the command: 
    root@fwdavtest:~# uci show users
users.main=local
users.main.description='Local users'
users.ns_ldap1=ldap
users.ns_ldap1.user_attr='sAMAccountName'
users.ns_ldap1.bind_dn='ldapservice@adns8.nethlab.it'
users.ns_ldap1.user_bind_dn='%u@adns8.nethlab.it'
users.ns_ldap1.schema='ad'
users.ns_ldap1.uri='ldap://rl94ad.adns8.nethlab.it'
users.ns_ldap1.bind_password='vtiptlOuOFz+v1GLYnjX/lf0PJSEn-sG'
users.ns_ldap1.base_dn='DC=adns8,DC=nethlab,DC=it'
users.ns_ldap1.user_dn='DC=adns8,DC=nethlab,DC=it'
users.ns_ldap1.user_display_attr='displayName'
users.ns_ldap1.tls_reqcert='never'
users.ns_ldap1.start_tls='1'
users.ns_7667497d=user
users.ns_7667497d.name='test2dav'
users.ns_7667497d.database='ns_ldap1'
users.ns_7667497d.openvpn_enabled='1'
users.ns_231eb50f=user
users.ns_231eb50f.name='test3dav'
users.ns_231eb50f.database='ns_ldap1'
users.ns_231eb50f.openvpn_enabled='1'
    Confirm that both test2dav and upper case test3dav are present.
  4. On the VPN page, only test2dav isvisible.

Expected behavior

  • Both test2dav and TEST3DAV should be visible in the VPN profiles section of the web interface.

Actual behavior

  • Only test2dav, which had a lowercase username, is visible in the VPN profiles section, even while the certificate files exist for both users: 
    root@fwdavtest:~# ls -hal /etc/openvpn/ns_roadwarrior1/pki/issued/
drwx------    2 root     root        3.4K Dec  9 16:41 .
drwx------    7 root     root        3.4K Dec  9 16:42 ..
-rw-------    1 nobody   nogroup     1.4K Dec  9 16:41 server.crt
-rw-------    1 nobody   nogroup     1.5K Dec  9 16:41 test2dav.crt
-rw-------    1 nobody   nogroup     1.5K Dec  9 16:41 test3dav.crt

Components
NethSecurity version: 8-23.05.5-ns.1.3.0

References
@github-project-automation github-project-automation bot moved this to ToDo 🕐 in NethSecurity Dec 10, 2024
@gsanchietti gsanchietti mentioned this issue Dec 10, 2024
Merged
gsanchietti added a commit to NethServer/python3-nethsec that referenced this issue Dec 10, 2024
@gsanchietti
fix(users): force user name to lower case (#81)
1506384 
Users inside a remote LDAP are usually matched in case-insenstive
mode.

Make sure to always force the username to lower case to avoid
mismatch when the remote LDAP has names in uppercase (like AD):
this change will fix access for OpenVPN users using the external
LDAP.

NethServer/nethsecurity#966

Note that such users are already imported in lower case inside
the users db.
gsanchietti added a commit that referenced this issue Dec 10, 2024
@gsanchietti
chore: bump python3-nethsec
0882786 
Issue #966
@github-actions GitHub Actions
Copy link
Contributor

Testing image version: 8-23.05.5-ns.1.3.0-106-g0882786b

@github-actions github-actions bot added the testing Packages are available from testing repositories label Dec 10, 2024
@gsanchietti
Copy link
Member Author

Test case

Check the issue is not reproducible

@gsanchietti gsanchietti moved this from ToDo 🕐 to In Progress 🛠 in NethSecurity Dec 10, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.4 milestone Dec 10, 2024
@francio87 francio87 self-assigned this Dec 10, 2024
@francio87
Copy link
Member

Verified ✅

Image

@francio87 francio87 removed their assignment Dec 10, 2024
@francio87 francio87 added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Dec 10, 2024
@nethbot nethbot moved this from In Progress 🛠 to Verified in NethSecurity Dec 10, 2024
@gsanchietti
Copy link
Member Author

Released on 23.05.5-ns.1.4.0

@github-project-automation github-project-automation bot moved this from Verified to Done ✅ in NethSecurity Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
verified All test cases were verified successfully
Projects
NethSecurity
Archived in project
Milestone
NethSecurity 8.4
Development

No branches or pull requests
2 participants
@gsanchietti @francio87