
Comments (7)

michield commented on July 21, 2024

ok, also, just to be clear, the "namelc" column is the same as login, but all lowercase, so you'd need to do something like "strtolower(addslashes($login))" on that column.

I presume we should increase the size of both columns?

from phplist-plugin-simplesaml.

aulona1 commented on July 21, 2024

Truncate the NameID to 25 characters to make the comparison work. This method is risky because the first 25 characters of the NameID might be identical for more than one user.

IMO, I'd avoid a method which we know can cause problems in the future. We want it to be optimized as much as possible.

Do a collision-free hash that converts to <= 25 characters and store the hash instead

This could be a possible solution.

Update the phplist database to accept more than 25 characters.

So in this phase the loginname works correctly with less than 25 characters, right?
@michield Would be helpful to share your thoughts on this.

NB: Keycloak (the IdP in this case) does not provide any other unique identifying information such as email. Configuring the NameIDPolicy...

Found these discussions related to this issue. You have probably seen them, but sharing the links here anyway. Maybe they can help as a reference.
keycloak/keycloak#8839
https://github.com/sventorben/keycloak-home-idp-discovery

Also I have a question regarding the login.
Again, you might have previously discussed this with Michiel, but considering that I don't know many details on this project, if you could kindly provide some information on this:

- Is it going to work (if yes, how) sso to one/multiple phplist accounts using user credentials stored on another phplist account?


Fenn-CS commented on July 21, 2024
  • Is it going to work (if yes, how) sso to one/multiple phplist accounts using user credentials stored on another phplist account?

Not sure what you are asking.


aulona1 commented on July 21, 2024

It's ok to ignore the question, since phplist doesn't allow multiple accounts with the same email.

How is it going with the steps above?
Is there something I can help you with?


michield commented on July 21, 2024

I think the hash idea is good, except that a sha256 hash is 60 characters and even an md5 one is longer than 25.

So, I think we want to combine the two. The UUID you get back is 39 characters, but it may be that some are longer, so we can't rely on that. So, we update the DB to allow 65 characters and store the sha256 hash of the UUID. The hash will always be the same length, so that is more reliable.

Do you think that will work? So the plan is to do two things:

  1. increase the size of the column to 66
  2. store the sha256 and use it for comparison


Fenn-CS commented on July 21, 2024

@michield If we increase the size of the column to 66, we might not need to SHA it... So updating the DB column to accept up to 66 chars is +1.

The identification returned is usually 38 chars (G-c526ae09-f072-4401-86eb-9ca7a3817a3a)


Fenn-CS commented on July 21, 2024

Sounds like the right thing to do!

By the way, realized namelc is set to VAR(255) so there's no issue with that.


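The two options weighed in this thread, as an added PHP example (not code from the plugin): it keys a set of NameIDs by their first 25 characters and by their SHA-256 hex digest, then reports which keys end up shared by more than one NameID. The helper names are hypothetical and the second and third NameIDs are constructed; the first is the one quoted in the thread.

```php
<?php
// Added example: helper names are hypothetical, not the plugin's own.

const OLD_COLUMN_WIDTH = 25; // length the thread says the comparison was limited to
const NEW_COLUMN_WIDTH = 66; // column size proposed in the thread

/** Option 1 from the thread: keep only the first 25 characters. */
function truncatedKey(string $nameId): string
{
    return substr($nameId, 0, OLD_COLUMN_WIDTH);
}

/** Option 2: SHA-256 of the NameID as lowercase hex, fixed length for any input. */
function hashedKey(string $nameId): string
{
    return hash('sha256', $nameId);
}

/** Key every NameID with $keyFn and return the keys claimed by more than one NameID. */
function findCollisions(array $nameIds, callable $keyFn): array
{
    $owners = [];
    foreach ($nameIds as $id) {
        $owners[$keyFn($id)][] = $id;
    }
    return array_filter($owners, fn(array $ids): bool => count($ids) > 1);
}

// First value is quoted in the thread; the other two are constructed.
// The first two share their first 25 characters.
$nameIds = [
    'G-c526ae09-f072-4401-86eb-9ca7a3817a3a',
    'G-c526ae09-f072-4401-86eb-000000000000',
    'G-11111111-2222-4333-8444-555555555555',
];

printf("keys shared after truncation: %d\n", count(findCollisions($nameIds, 'truncatedKey')));
printf("keys shared after sha256:     %d\n", count(findCollisions($nameIds, 'hashedKey')));

foreach ($nameIds as $id) {
    $key = hashedKey($id);
    // The hex digest is already lowercase, so the same value can serve the "namelc" column.
    printf("%s -> %d chars, fits %d-char column: %s\n",
        $id, strlen($key), NEW_COLUMN_WIDTH,
        strlen($key) <= NEW_COLUMN_WIDTH ? 'yes' : 'no');
}
```

A shared key means two different IdP identities would resolve to the same phpList admin row at login, which is why the same key function has to be used both when the account is stored and when it is looked up.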