GlobalSCAPE Knowledge Base

LDAP User Name Validation Configuration

Karla Marsh
Mail Express

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • Mail Express v4.0.2

DISCUSSION

This document provides guidance for using the LDAP user name validation configuration feature available in Mail Express 4.0.2.

Removing/Changing Mail Express Email Validation

The user name validation configuration parameter is in the staticConfig.xml file, located in the Mail Express installation directory (e.g., C:\Program Files\Globalscape\Mail Express\webapps\ROOT\WEB-INF\classes\META-INF). By default, the validation allows all valid LDAP characters (per RFCs 2254 and 4515). When values are defined within the configuration file, user names with any of the specified characters present will be immediately rejected.

To edit the user name validation configuration

  1. For backup purposes, make a copy of the staticConfig.xml file and then paste it in the same directory. It will be saved as Copy of staticConfig.xml.
  2. Locate the following section in the staticConfig.xml file:
<!--
Some LDAP providers may not correctly handle all allowed values in an LDAP query.
This allows you to specify characters in a username that should cause immediate rejection.
This will reject the request, not encode the characters. Below values must be xml
escaped (e.g., '<' is <value>&lt;</value>).     
-->
<bean id="MailExpressLDAP.usernameProhibitedCharacters" class="java.util.HashSet">
<constructor-arg>
<set>
</set>
</constructor-arg>
<meta key="Description"
value="usernameProhibitedCharacters -  Specifies a set of characters that will cause rejection of an authentication attempt in LDAP auth." />
</bean>

Enter the values to be restricted between the <set> and </set> lines. Values must use the XML predefined entities for the double quotation mark, ampersand, apostrophe, less-than, and greater-than characters. For example, to specify the ampersand (&), you would use &amp; but for a space, you can just enter a literal space.

The example below restricts <, >, ", &, !, ? characters and spaces:

<!--
Some LDAP providers may not correctly handle all allowed values in an LDAP query.
This allows you to specify characters in a username that should cause immediate rejection.
This will reject the request, not encode the characters. Below values must be xml
escaped (e.g., '<' is <value>&lt;</value>).     
-->
<bean id="MailExpressLDAP.usernameProhibitedCharacters" class="java.util.HashSet">
<constructor-arg>
<set>         
<value>&lt;</value>
<value>&gt;</value>
<value>&quot;</value>
<value>&amp;</value>
<value>!</value>
<value>?</value>
<value> </value>
</set>
</constructor-arg>
<meta key="Description"
value="usernameProhibitedCharacters -  Specifies a set of characters that will cause rejection of an authentication attempt in LDAP auth." />
</bean>

After making your changes and saving the staticConfig.xml file, restart the Mail Express Server Service.
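
Before restarting the service, the edited bean can be checked offline. The Python script below is an added example, not GlobalSCAPE code: it parses the bean from the article, confirms the file is still well-formed XML, and lists which sample user names the documented rule would reject. The <beans> root element, the function names, and the sample user names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

BEAN_ID = "MailExpressLDAP.usernameProhibitedCharacters"  # bean id from the article

# Constructed sample: the article's example bean wrapped in a <beans> root
# (the root element is an assumption; the real staticConfig.xml holds more).
SAMPLE_CONFIG = """<beans>
<bean id="MailExpressLDAP.usernameProhibitedCharacters" class="java.util.HashSet">
<constructor-arg>
<set>
<value>&lt;</value>
<value>&gt;</value>
<value>&quot;</value>
<value>&amp;</value>
<value>!</value>
<value>?</value>
<value> </value>
</set>
</constructor-arg>
</bean>
</beans>"""


def local(tag):
    """Strip an XML namespace prefix such as '{uri}bean' -> 'bean'."""
    return tag.rsplit("}", 1)[-1]


def prohibited_characters(xml_text):
    """Return the decoded prohibited characters; raises ET.ParseError when
    an unescaped '&' or '<' has left the file ill-formed."""
    root = ET.fromstring(xml_text)
    for bean in root.iter():
        if local(bean.tag) == "bean" and bean.get("id") == BEAN_ID:
            return {v.text or "" for v in bean.iter() if local(v.tag) == "value"}
    raise LookupError("bean %s not found" % BEAN_ID)


def is_rejected(username, prohibited):
    """Model of the documented rule: any listed character present -> reject."""
    return any(ch in username for ch in prohibited if ch)


if __name__ == "__main__":
    chars = prohibited_characters(SAMPLE_CONFIG)
    print("prohibited:", sorted(chars))
    for name in ("jsmith", "j smith", "smith&jones", "jane.doe"):  # constructed
        print(repr(name), "rejected" if is_rejected(name, chars) else "allowed")
```

To check a real file, pass its contents to prohibited_characters() in place of SAMPLE_CONFIG; a parse error means a value was entered without its XML entity.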

Details
Last Modified: 5 Years Ago
Last Modified By: GlobalSCAPE 5
Type: HOWTO