[dev] Mixed-case usernames and permissions

[John Morrissey]

We had a problem recently where a user had imported several contacts into
Turba while logged in with an uppercase username (we authenticate against an
LDAP directory, which is case-insensitive). These contact objects were saved
with an uppercase owner_id.

Later, when she logged in with a lowercase username, Turba::hasPermission()
prevented her from viewing these contacts since it does a case-sensitive
check for the object owner:

                    ($in->hasValue('__owner') &&
                     $in->getValue('__owner') == $userID)) {

Given that some auth backends are case-insensitive (LDAP and MySQL, to name
two), what's the best way of handling this? It seems like this could be a
problem elsewhere, so should these backends just force all usernames to
lower case?

john
-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__