Good evening,
2015-02-27 22:10 GMT+01:00 Bram Cymet <bcymet@cbnco.com>:
Hi,
I am using openldap 2.4.26. My system ignores case when doing binds:
Feb 27 16:08:08 devauth slapd[2437]: conn=2723 op=1 BIND dn="uid=Bcymet@cbnco.com,ou=test_websales_users,dc=ls,dc=cbn" method=128
Feb 27 16:08:08 devauth slapd[2437]: => bdb_entry_get: found entry: "uid=bcymet@cbnco.com,ou=test_websales_users,dc=ls,dc=cbn"
So this happily binds with bcymet@cbnco.com or Bcymet@cbnco.com and returns the same entry.
That's because the "uid" attribute type is case insensitive. Taken from RFC4519:
( 0.9.2342.19200300.100.1.1 NAME 'uid' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Is this a configuration error on my part? Is it possible to have case sensitive binds and if so what do I have to change?
You could define your own attribute type and declare another matching rule for it (caseExactMatch, for example). And use this attribute instead of "uid". Or consider that "BCYMET@CBNCO.COM" is the same as "bcymet@cbnco.com", just louder.
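
The custom attribute type suggested in the reply above, written out as a cn=config schema entry. This is an added example, not part of the original thread. The names `exactlogin`, `exactUid` and `exactUidAccount` are hypothetical, and the OIDs under arc 1.1 are placeholders to be replaced with OIDs from your own assigned arc.

```ldif
# Added example (not from the thread). Load into cn=config, e.g. with ldapadd.
# Hypothetical names; placeholder OIDs under 1.1 (use your own OID arc).
dn: cn=exactlogin,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: exactlogin
# Same Directory String syntax as 'uid' in RFC 4519, but with case-exact
# equality and substring matching instead of caseIgnoreMatch.
olcAttributeTypes: ( 1.1.2.1.1 NAME 'exactUid'
  DESC 'Case-sensitive login identifier'
  EQUALITY caseExactMatch
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Auxiliary class so the attribute can be added to existing account entries.
olcObjectClasses: ( 1.1.2.2.1 NAME 'exactUidAccount'
  DESC 'Auxiliary class carrying exactUid'
  SUP top AUXILIARY
  MUST exactUid )

# For the bind DN itself to be case sensitive, the entry has to be named by
# the new attribute, because DN comparison uses the equality rule of the RDN
# attribute type:
#   exactUid=bcymet@cbnco.com,ou=test_websales_users,dc=ls,dc=cbn
# A bind as exactUid=Bcymet@cbnco.com,... then no longer resolves to that entry.
```

Only the RDN value is compared case-exactly; the `ou` and `dc` components of the DN keep their own case-insensitive matching rules.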