The default Airlock IAM database schema uses the VARCHAR type for its string columns. If there are database schemas with a fixed-length string type (CHAR) on an Oracle database, Airlock IAM will not allow users to log-in.
Symptoms
Users can suddenly not log in anymore and the log messages indicate that the user was not found, although a user entry with the given username exists.
Reality check
The following conditions must be met:
- Airlock IAM uses an Oracle Database for managing its users
- The username column of either the admin or the user table is of type CHAR (assuming the users are stored in the
medusa_user
and the admins in themedusa_admin
table):
SELECT data_type FROM all_tab_columns
WHERE lower(table_name) IN ('medusa_admin','medusa_user')
AND lower(column_name) = 'username'
Solutions
- Convert username column to VARCHAR (create a backup beforehand!)
- or use the "User Name Resolve Query" in the "Database User Persisters". There the following query for users ensure that the username is padded with whitespaces to its fixed length.
ALTER TABLE medusa_admin MODIFY ( username VARCHAR(100) );
SELECT username FROM medusa_user WHERE RTRIM(username) = ?
The next query ensures the same for admins:
SELECT username FROM medusa_admin WHERE RTRIM(username) = ?