Lowercase LDAP usernames by default for authentication

app/Auth/Ldap.php

@@ -29,6 +29,7 @@ class Ldap extends Base
      */
     public function authenticate($username, $password)
     {
+        $username = LDAP_USERNAME_CASE_SENSITIVE ? $username : strtolower($username);
         $result = $this->findUser($username, $password);
 
         if (is_array($result)) {

app/constants.php

@@ -36,6 +36,7 @@ defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', '');
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
 defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
+defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', false);
 
 // Google authentication
 defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);

config.default.php

@@ -85,6 +85,10 @@ define('LDAP_ACCOUNT_EMAIL', 'mail');
 // Example for OpenLDAP: 'uid'
 define('LDAP_ACCOUNT_ID', 'samaccountname');
 
+// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
+// Set to true if you want to preserve the case
+define('LDAP_USERNAME_CASE_SENSITIVE', false);
+
 // Enable/disable Google authentication
 define('GOOGLE_AUTH', false);
 

docs/ldap-authentication.markdown

@@ -76,6 +76,15 @@ define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 
 // Name of an attribute of the user account object which should be used as the email of the user.
 define('LDAP_ACCOUNT_EMAIL', 'mail');
+
+// Name of an attribute of the user account object which should be used as the id of the user.
+// Example for ActiveDirectory: 'samaccountname'
+// Example for OpenLDAP: 'uid'
+define('LDAP_ACCOUNT_ID', 'samaccountname');
+
+// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
+// Set to true if you want to preserve the case
+define('LDAP_USERNAME_CASE_SENSITIVE', false);
 ```
 
 ### LDAP bind type