[GH-ISSUE #239] [BUG] No validation on frontend #83

New issue

Open

opened 2026-02-27 08:15:08 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 08:15:08 +03:00

Owner

Originally created by @Leopere on GitHub (Jul 12, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/239

It would appear that the users name field is able to accept input with spaces and non alpha numeric characters. It seems that when I did this the system seemed to lock up and slow down significantly.

Originally created by @Leopere on GitHub (Jul 12, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/239 It would appear that the users name field is able to accept input with spaces and non alpha numeric characters. It seems that when I did this the system seemed to lock up and slow down significantly.

kerem added the

labels

2026-02-27 08:15:08 +03:00

kerem commented

2026-02-27 08:15:09 +03:00

Author

Owner

@nitnelave commented on GitHub (Jul 12, 2022):

There's fundamentally no limitation regarding what format usernames take, they're just case insensitive. The problem might be with downstream applications who will not recognize the string as a valid username.
I doubt that it affects performance though, we don't do anything smart with the username apart from lowercasing it.

One other thing to consider is that it's the admins who create users and thus choose the usernames, so I'm counting on them to be a bit reasonable ;)

I might forbid spaces though, just in case.

@nitnelave commented on GitHub (Jul 12, 2022): There's fundamentally no limitation regarding what format usernames take, they're just case insensitive. The problem might be with downstream applications who will not recognize the string as a valid username. I doubt that it affects performance though, we don't do anything smart with the username apart from lowercasing it. One other thing to consider is that it's the admins who create users and thus choose the usernames, so I'm counting on them to be a bit reasonable ;) I might forbid spaces though, just in case.

kerem commented

2026-02-27 08:15:09 +03:00

Author

Owner

@olaxe commented on GitHub (Jul 18, 2022):

I use emails as User ID because it is much more easy for my users to remember it. Is it possible to keep also authorized all email characters?

@olaxe commented on GitHub (Jul 18, 2022): I use emails as User ID because it is much more easy for my users to remember it. Is it possible to keep also authorized all email characters?

kerem commented

2026-02-27 08:15:09 +03:00

Author

Owner

@nitnelave commented on GitHub (Jul 18, 2022):

Note that you can configure most services to allow logging in via both email and username, in the LDAP settings

@nitnelave commented on GitHub (Jul 18, 2022): Note that you can configure most services to allow logging in via both email and username, in the LDAP settings

kerem commented

2026-02-27 08:15:09 +03:00

Author

Owner

@olaxe commented on GitHub (Jul 19, 2022):

Yes thanks. Unfortunately, not the LLDAP reset password process. My users are good at reset their passwords.

@olaxe commented on GitHub (Jul 19, 2022): Yes thanks. Unfortunately, not the LLDAP reset password process. My users are good at reset their passwords.

kerem referenced this issue

2026-02-27 08:17:54 +03:00

[PR #83] [MERGED] Revert "github: Fix dockerhub description update" #535