Issue 1838: Failed to log in using LDAP with Windows Active Directory when 'display name' and 'logon name' do not match
Status:  New
Owner: ----
Reported by xzpe...@gmail.com, Mar 21, 2013

Affected Version:

Gerrit Code Review 2.5.2

What steps will reproduce the problem?

1. Start up Gerrit gracefully.
2. In Windows Server Manager -> Active Directory Domain Services -> Active Directory Users and Computers -> xxx.xxx.xxx (domain name of the server) -> Users, create user 'test' under the domain. Here set all names (display name, logon name, etc.) to 'test'.
3. I can log in to Gerrit using the 'test' user now.
4. Same as the 2nd step, just change the 'display name' of user 'test' to something else, like 'test2'.
5. Try to log in to Gerrit using the 'test' user again.

What is the expected output? What do you see instead?

Since I only changed the display name of user 'test', I should have no problem during the login. (And since I have logged in successfully, I should have no other configuration problem.)

However, after changing the display name, I cannot log in with user 'test'. Gerrit log:
[2013-03-21 07:13:47,290] INFO  com.google.gerrit.httpd.auth.ldap.UserPassAuthServiceImpl : 'test' failed to sign in: Incorrect username or password

Please provide any additional information below.

gerrit.config:

[gerrit]
        basePath = git
        canonicalWebUrl = ### masked
[database]
        type = H2
        database = db/ReviewDB
[auth]
        type = LDAP_BIND
[sendemail]
        smtpServer = localhost
[container]
        user = gerrit2
        javaHome = /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = http://*:8081/
[cache]
        directory = cache
[ldap]
        server = ### masked
        username = ### masked
        password = ### masked

        accountBase = ### masked
        accountPattern = (&(objectClass=person)(sAMAccountName=${username}))
        accountFullName = displayName
        accountMemberField = memberOf
        accountEmailAddress = userPrincipalName

        groupBase = ### masked
        groupPattern = (cn=${groupname})