login: use case-sensitive names for display/kerberos

webapp/views.py

@@ -111,12 +111,22 @@ def login_form():
 
 @app.route('/login', methods=["POST"])
 def login_action():
+    # LDAP usernames/DNs are case-insensitive, so we normalize them just in
+    # case,
     username = flask.request.form.get("username", "").lower()
     password = flask.request.form.get("password", "")
     goto = flask.request.values.get("goto", "/")
     dn = config.dn_format % username
+
     conn = connect_to_ldap(dn, password)
     if conn:
+        # Now that we have logged in, we can retrieve the 'real' username (which
+        # might be cased differently from the login name).
+        res = conn.search_s(dn, ldap.SCOPE_SUBTREE)
+        for (k, vs) in res[0][1].items():
+            if k == 'uid':
+                username = vs[0].decode()
+
         flask.session["username"] = username
         flask.session['dn'] = dn
         context.refresh_profile()