Quanah Gibson-Mount quanah@symas.com schrieb am 14.08.2019 um 01:09 in
Nachricht <59A1EC7FB57F5649201E5D92@[192.168.1.144]>:
‑‑On Tuesday, August 13, 2019 4:25 PM +0000 JC lovecraftesque@yahoo.com wrote:
Now it seems to be the case that, with a user entry in OpenLDAP as described above, getpwnam("james") will look for an entry such that the its uid attribute takes the value "james". I.e. if the value of uid is, say, "James" then it will be ignored. Which, following the discussion above, doesn't fit my goal.
The "uid" attribute is explicitly defined to be case insensitive in RFC1274, see section 9.3.1 "userid". This is reflected in the OpenLDAP core schema:
#attributetype ( 0.9.2342.19200300.100.1.1 # NAME ( 'uid' 'userid' ) # DESC 'RFC1274: user identifier' # EQUALITY caseIgnoreMatch # SUBSTR caseIgnoreSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
However UNIX is not case-insensitive. We had the case that entering a valid user's name in capital letters (dammed Shift-lock key) caused an authentication failure, and nscd in turn cached that (case-insensitively), so after that even entering the user name in lower case caused a (cached) authentication failure. (I had tried to convince support that this is a bug in nscd, but failed to convince them)
So be warned: UNIX is not case-insensitive!
Regards, Ulrich
Regards, Quanah
‑‑
Quanah Gibson‑Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com