[Bug 1952755] [NEW] Permissions checks should be case-insensitive against login email

Public bug reported:

Hi,

One of our users complained of being rejected with 403 Unauthorized when moderating a list he's an owner of.

We're using Ubuntu SSO for login purposes, and we noticed they had an uppercase letter in their email in both account_emailaddress and auth_user tables.

We asked them to add the lowercase version of their email and remove the other one, but mailman complained that the email address is already attached to their account.

We then did some db surgery, updating their email to the lowercase version in both tables, and it resolved their issue.

Authentication should probably do a case-insensitive check of login email against auth database.

We're using mailman version: 3.1.1-9 Ubuntu package

On a side note: email address was in both account_emailaddress and auth_user, auth_user could also be updated, so it uses account_emailaddress.id instead of having duplicate data.

Could you please let us know if there are other occurrences of email in the schema, and if we should replicate our manual changes in some other tables for our user?

Thank you!
Loïc

** Affects: mailman
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1952755

Title:
  Permissions checks should be case-insensitive against login email

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1952755/+subscriptions

Mailman 3 issues should be reported at the appropriate gitlab project, probably https://gitlab.com/mailman/django-mailman3/-/issues in this case.

This tracker is for Mailman 2.1 only. As it says at https://launchpad.net/mailman

  Please continue to use Launchpad for all bugs, code, and merge proposals for Mailman 2.1.

  Please head over to Gitlab at https://gitlab.com/mailman for all bugs, code, and merge requests for Mailman 3.

** Changed in: mailman
   Status: New => Invalid

** Changed in: mailman
   Milestone: 3.1 => None

Thanks Mark,

I've opened https://gitlab.com/mailman/django-mailman3/-/issues/53

** Bug watch added: gitlab.com/mailman/django-mailman3/-/issues #53
   https://gitlab.com/mailman/django-mailman3/-/issues/53

participants (2): Loïc Gomez, Mark Sapiro
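
A pre-flight audit for the kind of database change described in the report, as an added example that is not part of the original thread or of Mailman's code: it lists addresses containing uppercase letters and separates out those whose lowercase form already belongs to a different user, since lowercasing those would make two accounts share one login identity. Only the two table names come from the report; the column names and every row are assumptions constructed for the example.

```python
import sqlite3

# Table names are from the report; the owner/email column names are assumed.
TABLES = {"auth_user": "id", "account_emailaddress": "user_id"}

def build_sample_db():
    """In-memory database with constructed rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE account_emailaddress
            (id INTEGER PRIMARY KEY, user_id INTEGER, email TEXT);
        INSERT INTO auth_user VALUES
            (1, 'Alice@example.com'), (2, 'bob@example.com'),
            (3, 'Carol@example.com'), (4, 'carol@example.com');
        INSERT INTO account_emailaddress VALUES
            (1, 1, 'Alice@example.com'), (2, 2, 'bob@example.com'),
            (3, 3, 'Carol@example.com'), (4, 4, 'carol@example.com');
    """)
    return db

def audit(db):
    """Return (safe, conflicts) as lists of (table, owner_id, email).

    safe:      mixed-case addresses that can be lowercased in place.
    conflicts: mixed-case addresses whose lowercase form is already held
               by a different user; these need a manual decision.
    """
    safe, conflicts = [], []
    for table, owner_col in TABLES.items():
        rows = db.execute(
            f"SELECT {owner_col}, email FROM {table} ORDER BY {owner_col}"
        ).fetchall()
        owners = {}  # lowercase address -> set of user ids holding it
        for owner, email in rows:
            owners.setdefault(email.lower(), set()).add(owner)
        for owner, email in rows:
            if email != email.lower():
                shared = len(owners[email.lower()]) > 1
                (conflicts if shared else safe).append((table, owner, email))
    return safe, conflicts

def normalize(db, safe):
    """Lowercase only the rows the audit marked as safe."""
    for table, owner, email in safe:
        db.execute(
            f"UPDATE {table} SET email = ? WHERE {TABLES[table]} = ? AND email = ?",
            (email.lower(), owner, email))
    db.commit()
```

Run the audit against a copy of the database first, and apply `normalize` only after every entry in `conflicts` has been reviewed by hand.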