--On Monday, June 6, 2022 10:29 AM +0200 Felix Schäfer felix.schaefer@tu-dortmund.de wrote:
Hi,
Am 06.06.2022 um 06:06 schrieb Lucio De Re lucio@ff.co.za:
So I disagree with Felix that this is a show stopper and recommend staying within the boundaries of the standards as far as possible, preferably encouraging others to do the same.
Again, my point isn't to say that one or the other approach is better or even that dynlist should adhere to whatever memberof did. However propping up dynlist to be a drop-in replacement for memberof, which it clearly is not, and especially without caveats attached to that claim, is at least dangerous for whomever might switch later and not pay as much attention, if not disingenuous.
If someone wrote code depending on memberOf to always maintain case with non-case sensitive attributes than their client was broken to begin with, as that was never a guarantee. I.e., the behavior of slapo-memberof could change at any time. So your starting position is invalid since it's based on incorrect assumptions.
slapo-dynlist is a functional replacement for the slapo-memberof that keeps the actual guarantees around the LDAP RFCs. Hope that helps.
--Quanah