Up to Discussions in Openfire Support

This Question is Answered

1 "correct" answer available (10 pts)
996 Views 6 Replies Last post: Nov 19, 2008 8:39 AM by slicer321 RSS
slicer321 Silver
slicer321
161 posts since
Apr 14, 2008
Currently Being Moderated

Nov 13, 2008 12:10 PM

Upper/Lower case user names (JIDs)

Folks,

 

Finding when I'm creating or using upper case user names, that this information is set to lower case. It becomes an issue when authenticating against an external database, where case sensitivity is an issue*1. Is there a OPF setting that allows case distinction for this?

 

Thanks,

BEA

 

2008.11.13 11:47:35 SaslException

javax.security.sasl.SaslException: PLAIN authentication failed [Caused by javax.security.sasl.SaslException: PLAIN: user not authorized: SlicerTester]

        at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:145)

        at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :231)

        at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:160)

        at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:133)

        at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)

        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

        at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

        at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)

        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

        at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

        at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)

        at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:185)

        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

        at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

        at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)

        at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

        at java.lang.Thread.run(Unknown Source)

Caused by: javax.security.sasl.SaslException: PLAIN: user not authorized: SlicerTester

        at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:128)

        ... 22 more

 

Daryl Herzmann KeyContributor
Daryl Herzmann
673 posts since
Mar 12, 2005
Currently Being Moderated
Nov 13, 2008 12:16 PM in response to: slicer321
Re: Upper/Lower case user names (JIDs)

Hi,

 

I noted something along these lines:

 

http://www.igniterealtime.org/community/thread/30875

 

What tool are you using the create the accounts?  I believe you can get different results if you use the UserService plugin versus creating them from the admin console tool.

 

daryl

slicer321 Silver
slicer321
161 posts since
Apr 14, 2008
Currently Being Moderated
Nov 13, 2008 12:52 PM in response to: Daryl Herzmann
Re: Upper/Lower case user names (JIDs)

Our accounts are created and managed via our web site, no specific tool was used. Authentication against that database then occurs as was described in the Custom Database Integration Guide*1. I just saw your post after (again) searching for 'case', but the odd thing about that is I did do a search on this term before posting to try and research what the solution was but no results found! The solution I implemented on my side was to modify JDBCAuthProvider.java to remove the lowercasing of the username before executing the SQL SELECT. I am not certain from reading the UserService plugin README that this would be a fix because it seems oriented around the web interface.

 

Thanks

 

*1 http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/db-integ ration-guide.html

LG KeyContributor
LG
5,452 posts since
Dec 13, 2005
Currently Being Moderated
Nov 13, 2008 12:49 PM in response to: slicer321
Re: Upper/Lower case user names (JIDs)

Hi,

 

you may be interested in JM-13: "XMPP specifices that the "node" portion of a JID (username) must undergo the nameprep stringprep profile. Part of that process is performing case folding (lower-casing) on the node. Messenger doesn't perform full nameprep yet, but it does at least convert usernames to lower-case. This probably is a Smack bug if usernames aren't being lower-cased."

 

Links to the mentioned RFCs:

http://www.ietf.org/rfc/rfc3920.txt "A node identifier MUST be formatted such that the Nodeprep profile of   [STRINGPREP] can be applied to it without failing.  Before comparing two node identifiers, a server MUST (and a client SHOULD) first apply the Nodeprep profile to each identifier."

ftp://ftp.isi.edu/in-notes/rfc3454.txt "These tables map from uppercase to lowercase characters."

So it's fine to use "FooBar@example.com" as a JID but Openfire must internally handle it as "foobar@example.com".

 

Do you want a switch for the external auth provider which allows to use the JID as is to authenticate? This should be possible but it may be much faster to create another database column within your database which contains the user names in lower case.

 

LG

slicer321 Silver
slicer321
161 posts since
Apr 14, 2008
Currently Being Moderated
Nov 13, 2008 1:05 PM in response to: LG
Re: Upper/Lower case user names (JIDs)

Hi LG,

 

Yes I wanted a switch for the external auth provider which allows to use the JID as is to authenticate. To achieve this I modified JDBCAuthProvider.java:authenticate() as follows and it worked fine. Eventhough it doesn't conform to the XMPP specs which seems problematic for our web site (e.g. two user names with the same account names, but different email accounts), it works great for our custom installation.

 

98: username = username.trim().toLowerCase();

 

To...

 

 

98: username = username.trim();

 

 

 

Thanks!

BEA

 

 

http://svn.igniterealtime.org/svn/repos/openfire/branches/openfire_3_5_0/src/jav a/org/jivesoftware/openfire/auth/JDBCAuthProvider.java

LG KeyContributor
LG
5,452 posts since
Dec 13, 2005
Currently Being Moderated
Nov 18, 2008 2:46 PM in response to: slicer321
Re: Upper/Lower case user names (JIDs)

Hi BEA,

 

I did add a comment to http://www.igniterealtime.org/issues/browse/ JM-999 to avoid creating a new issue.

 

LG

slicer321 Silver
slicer321
161 posts since
Apr 14, 2008
Currently Being Moderated
Nov 19, 2008 8:39 AM in response to: LG
Re: Upper/Lower case user names (JIDs)

ty!

More Like This

  • Retrieving data ...

Bookmarked By (0)