Andrew Bartlett wrote:
I've been working on making Samba4 pass its testsuite with OpenLDAP as a backend.
One of my tests does what no LDAP client should do - it applies a case sensitive comparison of the returned DN, compared with what we expect and get from AD.
For example, we search for cn=ldaptestmachine and then ensure we get:
CN=ldaptestmachine,CN=Users,DC=samba,DC=example,DC=com
OpenLDAP returns
cn=ldaptestmachine,cn=users,dc=samba,dc=example,dc=com
which I'm sure is perfectly valid, but if I can write a bodgy script with case sensitive comparisons, so can an admin or sloppy app. Working in the Windows space makes me like to eliminate differences where I can.
It's not just perfectly valid, it is exactly correct. RFC4519 defines the attribute name to be 'cn' and we always return the canonical name for a given attribute. As always with Microsoft, AD is a broken abomination.
Of course, the point remains that attribute names are case-insensitive, and any user doing a case-sensitive compare on the attribute names is begging for disappointment.
Can the case of the attribute names (CN and DC) in that DN be made to be UPPER case easily? (Alternately I'll write a filter module on the Samba4 side to do that).
If you can do this easily on your side, that would be best. We could also write an overlay for the slapd side, but it would be far more effort than it's worth.
Thanks,
Andrew Bartlett
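
The comparison the thread says a client should make, treating attribute names as case-insensitive, as an added example that is not part of either message and is not Samba or OpenLDAP code. The helper names, the `CASE_IGNORE` set and the `x-token` attribute are this example's own assumptions; it handles backslash escapes and multi-valued RDNs but not the full RFC 4518 string preparation, so a real client should prefer its LDAP library's DN parser.

```python
# Added example: compare LDAP DNs without depending on attribute-name case.
# Attributes whose values use a case-ignore equality rule in RFC 4519.
CASE_IGNORE = {"cn", "dc", "ou", "o"}

# The two DNs from the thread.
AD_DN = "CN=ldaptestmachine,CN=Users,DC=samba,DC=example,DC=com"
OPENLDAP_DN = "cn=ldaptestmachine,cn=users,dc=samba,dc=example,dc=com"

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts

def normalize_dn(dn):
    """Return a tuple of RDNs, each a frozenset of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN
            attr, eq, value = ava.partition("=")
            attr = attr.strip().lower()        # attribute names never carry case
            if not eq or not attr:
                raise ValueError(f"malformed RDN component: {ava!r}")
            if attr in CASE_IGNORE:
                value = value.casefold()       # value case ignored only here
            avas.add((attr, value))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def dn_equal(a, b):
    """True when both strings name the same entry under the rules above."""
    return normalize_dn(a) == normalize_dn(b)

if __name__ == "__main__":
    print(AD_DN == OPENLDAP_DN, dn_equal(AD_DN, OPENLDAP_DN))
```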