On 6/6/22 17:35, Quanah Gibson-Mount wrote:
--On Monday, June 6, 2022 5:19 PM +0200 Michael Ströder michael@stroeder.com wrote:
Like it or not, for strictly matching POSIX group names you *must* distinguish these values no matter what the LDAP matching rule says:
memberOf: cn=Foo,ou=1,dc=example,dc=com memberOf: cn=foo,ou=2,dc=example,dc=com
(note the different parent DNs)
Regardless of case sensitivity, these are already by definition two entirely separate groups because they point to different entries.
This is your personal interpretation based on focusing on the DN matching rule.
But it's not a sufficient argument if you think in terms of compability to the origin of the 'memberOf' attribute (MS AD, look at OID used).
Ciao, Michael.