FOG Login with spaces in username

Sebastian Roth

@kek said in FOG Login with spaces in username:

but it is also is not working because the LDAP Plugin looks if this username exists in the AD but this name does only exists in the web page field in some users.

Can you be more specific on how you know this? You seem to have a lot of detail knowledge about how this works but you don’t post any of the details. Please share more of the information here. Reading between the lines I guess you have looked through the FOG (LDAP plugin) code already. Please let us know where you see it’s doing the wrong thing.

kek

@Sebastian-Roth said in FOG Login with spaces in username:

@kek said in FOG Login with spaces in username:

but it is also is not working because the LDAP Plugin looks if this username exists in the AD but this name does only exists in the web page field in some users.

Can you be more specific on how you know this? You seem to have a lot of detail knowledge about how this works but you don’t post any of the details. Please share more of the information here.

I made a lot of error_logs to see what the Plugin is searching for, but then i saw the Plugin is not the problem.
I know that because the user got put in the Database after i tried to login a user, but it is not logging in.

Reading between the lines I guess you have looked through the FOG (LDAP plugin) code already.

Yes i looked in the LAP Plugin code to see what is the problem, but as already said the Plugin does it’s Job right.
I error_log ged the search thats is executed when you try to Login.

Please let us know where you see it’s doing the wrong thing.

The problem lies by the FOG Login, and because i dont see in the Code why spaces aren’t allowed i made that post.

I think this PHP Class is for the login: processlogin.class.php

Sebastian Roth

@kek said in FOG Login with spaces in username:

I error_log ged the search thats is executed when you try to Login.

Can you share this?

Quazz

https://github.com/FOGProject/fogproject/blob/master/packages/web/lib/fog/user.class.php#L214

This function is where it validates the username.

It uses the same regex as the javascript that checks when you try and manually create an account.

@kek can you share some examples that failed so we could potentially modify it?

It doesn’t seem difficult, but we need to know if it’s valid for your case.

Wayne Workman

Didn’t read enough - carry on.

Tom Elliott

I just want to understand the use case for a requirement to have spaces in the Username?

The regex doesn’t allow for spaces, and creating usernames with spaces isn’t allowed as well.

How is this a bug if this is intended? Too my knowledge, you cannot create an active directory | ldap user name (userprincipalname) with spaces.

Tom Elliott

@Quazz @Sebastian-Roth @Wayne-Workman @kek

This isn’t a normal situation in my eyes. That’s not to say you can’t get spaces in your usernames.

Change the relevant regex from: (?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]+$ to:
(?=^.{3,40}$)^[\w][\w0-9]*[ ._-]?[\w0-9]*[ ._-]?[\w0-9]+$

And you should be able to create and use usernames with spaces. But again, this isn’t very common, especially when paired with AD logins. The userPrincipalName will still be without spaces.

Probably a better method would be:
(?=^.{3,40}$)^(?!.*[_\s-\.]{2,})[a-zA-Z0-9][a-zA-Z0-9_\s\-\.]*[a-zA-Z0-9]$ as it allows multiple spaces

If you need the username to be longer or shorter than 40, 3 respectively just remove the first part of the line, or make the relevant numerical changes.

the (?=^.{3,40}$) means Must be at least 3 characters and cannot exceed 40 characters (this includes spaces, dots, dashes, and underscores.

Seeing as our schema for Usernames is set to 50 characters, you can’t have anything more than 50. So you could adjust the first part to simply be:
(?=^.{1,50}$).

It won’t show as invalid if you remove the line, but the database won’t be able to store the field.

Sebastian Roth

@Tom-Elliott When reading the topic at first I though this ought to be a bug. But learning more about it I don’t see it as a bug anymore. Moved it back to problems. I think you instructions will help the OP to make this work for his situation. Thanks!

Quazz

@Tom-Elliott I agree that it’s not a bug (everything is working as designed).

I don’t have a lot of experience with AD; I was unsure what is and isn’t allowed. It seems that spaces in AD names are bad practice and cause more problems than they’re worth. (though it doesn’t seem impossible, just breaks half your stuff)

Tom Elliott

@Quazz The usernames, themselves, cannot have spaces. But from the overview of this, he’s using a field of the AD/LDAP that doesn’t care about spaces. For example, displayName over sAMAccountName

kek

@Tom-Elliott Thank you for providing a solution for this. I will test it tomorrow. I think if i found the right file before, i could have fixed it myself :). Thanks to all for the great support. I will reply tomorrow containing the results.

kek

I’m sorry I haven’t answered for so long, but I’ve been busy a lot and haven’t been able to address this issue until now.

First i only got the login of the FOG local users to work with the solution provided by @Tom-Elliott.
I could login with usernames the contain spaces with the following changes:

user.class.php:
Line 214:
Change the relevant regex from:

(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]+$

to:

(?=^.{3,40}$)^[\w][\w0-9]*[ ._-]?[\w0-9]*[ ._-]?[\w0-9]+$

fog.user.js
Comment out:

//regex: /^[\w][\w0-9]*[._-]?[\w0-9]*[.]?[\w0-9]+$/

When i tried to login with a domain user that contains spaces (users without spaces worked already) i got the same problem, no error but no login.

Then i figured out that the LDAP plugin uses the same check and regex so i had to edit this too:

ldap.class.php
Comment out:

        /**
         * Test the username for funky characters and return
         * immediately if found.
         */
//        $test = preg_match(
//            '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[.]?[\w0-9]+$/i',
//            $user
//        );
//        if (!$test) {
//            return false;
//        }

Now it works like a charm.

Thanks to all people that were involved in this.

This can be marked as solved.