<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div style="">
<div dir="auto">
<div dir="auto">
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto">Hello Magnus</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto"><br>
</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto">Thank you for your prompt reply. </div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto"><br>
</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto">I’m not sure I understand your last statement. I want to achieve that regardless of the case of the entered username is logged into the same Postgres user (whose name is created in all
lowercase).</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto"><br>
</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto">In other words, Windows usernames one day entered as XYz, the next day entered as xYz, should logon to Postgres user xyz.</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto"><br>
</div>
<div id="signature-div-BA3B5AE5-4EBC-4395-BA68-7D8ECDC6EFA6" dir="auto">Niels<br>
<br>
</div>
</div>
</div>
</div>
<hr>
<div dir="auto" style=""><br>
<b>Fra:</b> Magnus Hagander <magnus(at)hagander(dot)net><br>
<b>Dato:</b> 30. august 2019 kl. 13.31.33 CEST<br>
<b>Til:</b> Niels Jespersen <NJN(at)dst(dot)dk><br>
<b>Cc:</b> pgsql-general(at)lists(dot)postgresql(dot)org <pgsql-general(at)lists(dot)postgresql(dot)org><br>
<b>Emne:</b> Re: SSPI auth and mixed case usernames<br>
</div>
<br>
<div>
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Aug 30, 2019 at 1:27 PM Niels Jespersen <<a href="mailto:NJN(at)dst(dot)dk">NJN(at)dst(dot)dk</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
Hello<br>
<br>
Postgresql 11.2 on Windows. <br>
<br>
I have a user mapping i pg_hba.conf <br>
<br>
sspi map=domain<br>
<br>
In pg_ident.conf, I have the following: <br>
<br>
domain /^(([A-Z|a-z]{3}[A|a]?)|([Xx]\d{2}))@DOMAIN$ \1<br>
<br>
This maps windows logonname til a postgres username. Hower, for reasons I cannot explain, sometimes the username comes in all-lowercase, at other times it comes all-caps. This is dependant on the Windows host the client is connected to.
<br>
</blockquote>
<div><br>
</div>
<div>It is actually dependent on what the user typed into their login box when they logged in to the machine. Yes, that's mostly insane, but that's how those APIs in Windows work.</div>
<div><br>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
I do not want to create both XXX and xxx as users on Postgres. I would prefer to translate alle usernames to lowercase in the map.
<br>
<br>
Is that possible, and if so, how? <br>
</blockquote>
<div><br>
</div>
<div>No, PostgreSQL will not do that automatically for you. </div>
<div><br>
</div>
<div>What pg_ident.conf allows you to do is say that the user is allowed to log in to the postgres user in lowercase even if the username retrieved using sspi is not in lowercase. But the application still has to actually try to log in with lowercase, and do
so before it connects to PostgreSQL.</div>
<div> </div>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div> Magnus Hagander<br>
Me: <a href="http://www.hagander.net/" target="_blank">https://www.hagander.net/</a><br>
Work: <a href="http://www.redpill-linpro.com/" target="_blank">https://www.redpill-linpro.com/</a></div>
</div>
</div>
</div>
</div>
</body>
</html>