[
https://issues.jboss.org/browse/GTNPORTAL-2476?page=com.atlassian.jira.pl...
]
RH Bugzilla Integration commented on GTNPORTAL-2476:
----------------------------------------------------
Jared MORGAN <jmorgan(a)redhat.com> made a comment on [bug 793425|https://bugzilla.redhat.com/show_bug.cgi?id=793425]
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.
Diffed Contents:
@@ -1,7 +1 @@
-CAUSE: When you are creating new user/group, UI layer is trying to look if user/group
with same name already exists. If it exists, it shows message in UI and it won't try
to create such user/group.
+Picketlink IDM was performing case-sensitive comparison of user and group names with
information stored in OpenDS. Because OpenDS does not record user and group names in a
case-sensitive manner by default, cased user names such as "viLiam" were not
distinguishable from the user name "viliam". This issue affected search
retrieval, as well as user and group creation. The issue can be fixed by configuring
Picketlink IDM to compare user and group names in a case-insensitive way. In
picketlink-idm-config.xml, change the LDAPIdentityStore option
"allowNotCaseSensitiveSearch" to true. Setting this option will prevent any
Picketlink IDM exceptions relating to case insensitivity.-
-OpenDS is not case-sensitive by default, but Picketlink IDM is doing case-sensitive
comparison of user/group names. So when you try to search user "viLiam" and you
already have "viliam", Picketlink IDM will return that user doesn't exist as
it compares with respect to case-sensitivity by default. But when it tries to create user
"viLiam", then it is failing because OpenDS is not case-sensitive and user
"viliam" is already here.
-
-FIX: It's possible to fix it by configure Picketlink IDM to compare user/group names
in case-insensitive way. This can be done by switch option
"allowNotCaseSensitiveSearch" of LDAPIdentityStore in picketlink-idm-config.xml
file to true.
-
-RESULT: So IDM is still case-sensitive by default. But customers have possibility to use
the option and switch it to true to avoid exception. For now, it's documented here
https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.
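Review bot: the replacement paragraph (the + text) drops two things the removed RESULT paragraph stated: that Picketlink IDM remains case-sensitive by default, and the pointer to Q6/A6 of the GateIn Identity and Security FAQ. As written, "The issue can be fixed by configuring Picketlink IDM..." can be read as something the product already does; suggest adding a sentence that the default is unchanged and that "allowNotCaseSensitiveSearch" has to be set to true explicitly. The closing sentence also promises that the option prevents "any" exceptions relating to case insensitivity, which is broader than the removed wording ("to avoid exception"); consider scoping it to the duplicate-name failure described in this note.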
Creating user with username differing only in case-sensitive case popups unknown error - OpenDS
----------------------------------------------------------------------------------------------
Key: GTNPORTAL-2476
URL: https://issues.jboss.org/browse/GTNPORTAL-2476
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Identity integration
Affects Versions: 3.3.0.Final
Reporter: Marek Posolda
Assignee: Marek Posolda
Fix For: 3.4.0.Final
GateIn is configured to use LDAP (OpenDS 2.2).
When I try to create two users with usernames:
1. viliam
2. viLiam
only the 1st one is created. After trying to save the 2nd one, I got an error with
the message "Unknown error", while in server.log there is:
Caused by: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - The entry
uid=viLiam,ou=People,o=portal,o=gatein,dc=example,dc=com cannot be added because an entry
with that name already exists]; remaining name 'uid=viLiam'
I think that the error message should be more specific (the error is known).
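The mismatch described in this issue, as a small Python model added here (it is not PicketLink IDM or GateIn code). `Directory`, `user_exists` and `create_user` are hypothetical names, and the `case_insensitive` flag only stands in for the `allowNotCaseSensitiveSearch` option.

```python
"""Model of a case-sensitive existence check in front of a case-insensitive
directory. Added illustration; names and messages are assumptions."""


class NameAlreadyBound(Exception):
    """Stands in for the LDAP error code 68 failure quoted in the report."""


class Directory:
    """Toy directory that matches uid case-insensitively, as OpenDS does by default."""

    def __init__(self):
        self._entries = {}  # lower-cased uid -> uid as first stored

    def add(self, uid):
        key = uid.lower()
        if key in self._entries:
            raise NameAlreadyBound(f"uid={uid} cannot be added: entry exists")
        self._entries[key] = uid

    def stored_uids(self):
        return list(self._entries.values())


def user_exists(directory, uid, case_insensitive):
    """Identity-layer lookup; the flag models allowNotCaseSensitiveSearch."""
    if case_insensitive:
        return any(u.lower() == uid.lower() for u in directory.stored_uids())
    return uid in directory.stored_uids()


def create_user(directory, uid, case_insensitive=False):
    """Return the outcome the UI would show for one create request."""
    if user_exists(directory, uid, case_insensitive):
        return "already exists"   # duplicate caught by the pre-check
    try:
        directory.add(uid)
    except NameAlreadyBound:
        return "unknown error"    # pre-check passed, directory refused the add
    return "created"


def demo(case_insensitive):
    """Replay the report's two usernames (constructed input) against a fresh directory."""
    d = Directory()
    return [create_user(d, u, case_insensitive) for u in ("viliam", "viLiam")]
```

With the flag off the second request reaches the directory and fails there; with it on, the duplicate is reported before any add is attempted.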