necouchman commented on code in PR #902:
URL: https://github.com/apache/guacamole-client/pull/902#discussion_r1759557181
##########
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java:
##########
@@ -398,5 +398,17 @@ public boolean enforceAccessWindowsForActiveSessions()
throws GuacamoleException
PostgreSQLGuacamoleProperties.POSTGRESQL_ENFORCE_ACCESS_WINDOWS_FOR_ACTIVE_SESSIONS,
true);
}
+
+ @Override
+ public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+
+ // By default, PostgreSQL does use case-sensitive string searches, so
+ // we will honor case-sensitive usernames.
+ return getProperty(
+
PostgreSQLGuacamoleProperties.POSTGRESQL_CASE_SENSITIVE_USERNAMES,
+ true
Review Comment:
Here's my thought process:
* In most, if not all, of the other cases (LDAP, OpenID, SAML, etc.), the
back-end authentication system is already dealing with usernames in a
case-insensitive fashion, so defaulting to "false" will not meaningfully change
the behavior of the system.
* In the case of PostgreSQL, the current and default behavior, without this
option, is a case-sensitive username comparison. I think that most people are
okay with - and even want - case-insensitive username comparisons, storage,
etc., but, in the interest of not changing things without the admin
specifically making the decision, I left this as `true`, which is the way it
behaves today.
I'm happy to go either way with this - I really do think that most people
want case-insensitivity with usernames - but then we'll just need to make sure
this is documented prominently in the release notes so that admins are as
unsurprised by the change as possible.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
