Thanks for the quick reply.
Which version of Seafile?
CE 8.0.x and 9.0.4
Do you enable ldap syncing?
Not available in CE. We didn’t test this problem with PRO.
What operations does the user do?
What errors do you have from the interface and the relevant logs?
User tries to login, which fails with invalid credentials error.
As far as we could recreate the problem:
- User login worked fine with a lower case mail address in the LDAP ‘mail’ field
- User login is saved as lower case in the user database (as you confirmed)
- User changed the mail address now containing uppercase letters in the LDAP ‘mail’ field
- Login now fails
- Admin removes user from LDAP Seafile Group (user by LDAP filter)
- Admin removes user from imported LDAP list (we checked in the db, the user in the ldap (import) list was removed)
- User tries to login, which fails, log showing invalid credentials. In the imported LDAP list the previous user is listed in lower case with last login info from before the mail address change (where login worked fine)
- Changing the mail address in the LDAP ‘mail’ field back to lower case allows login again
We think that there might be a reference in the user db somewhere which links the same address to previous accounts even if removed before.
The login might fail because the user's mail address is stored in mixed case in the LDAP ‘mail’ field while Seafile tries to authenticate with a lower case mail address.
This might be an LDAP problem after all (OpenLDAP in this case) but shouldn’t this be resolvable on the Seafile Auth side?
I guess that it might, yet again, come back to the problem that Seafile uses mail addresses as identifier for users instead of a username with changeable mail address.
Wouldn’t it be possible to allow adding multiple mail addresses for a user, adding a username or other unique identifier per user account in the backend?
This might allow logging in with username instead of mail address while mail addresses can be changed, even in the LDAP ‘mail’ field at will of the user or admin without causing any trouble.
Or is this an LDAP problem not accepting lower case mail addresses while the LDAP ‘mail’ field contains a mixed case mail address?
Thanks for checking, appreciated!
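
The design proposed in the post above, sketched as an added example; it is not Seafile code and is not part of the original post. It contrasts the failure mode the poster suspects (account keyed by a lower-cased mail, compared exactly against the directory value) with accounts keyed by an immutable directory ID that carry case-folded mail aliases. The class names, the `stable_id` parameter (for OpenLDAP this could be the `entryUUID` operational attribute) and the sample addresses are assumptions.

```python
# Added illustration; not Seafile code. All names and sample values are constructed.
from dataclasses import dataclass, field


def norm(mail: str) -> str:
    """Canonical lookup form: trimmed and case-folded."""
    return mail.strip().casefold()


@dataclass
class MailKeyedStore:
    """Hypothesised failing model: the account key is the lower-cased mail,
    and the directory's current 'mail' value is compared to it exactly."""
    accounts: set = field(default_factory=set)

    def provision(self, ldap_mail: str) -> None:
        self.accounts.add(ldap_mail.lower())

    def login(self, ldap_mail: str) -> bool:
        return ldap_mail in self.accounts  # exact, case-sensitive match


@dataclass
class IdKeyedStore:
    """Account key is an immutable directory ID; mail addresses are aliases."""
    accounts: dict = field(default_factory=dict)  # stable_id -> set of aliases
    aliases: dict = field(default_factory=dict)   # norm(mail) -> stable_id

    def sync(self, stable_id: str, ldap_mail: str) -> None:
        """Record the directory's current mail for this ID on each login or sync."""
        key = norm(ldap_mail)
        owner = self.aliases.get(key)
        if owner is not None and owner != stable_id:
            # Refuse to let one account claim an address another account holds.
            raise ValueError("address already belongs to another account")
        self.accounts.setdefault(stable_id, set()).add(key)
        self.aliases[key] = stable_id

    def resolve(self, typed_mail: str):
        """Map whatever the user typed to the stable account ID, or None."""
        return self.aliases.get(norm(typed_mail))
```

The ownership check in `sync` matters once addresses become changeable aliases: without it, a directory edit could silently attach one user's address to a different account.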