Top posting as this goes a bit off-topic.
First, for those administrators that require it, I would recommend arranging to modify the OpenLDAP code to enforce case sensitivity and have the team add the "patch" as a supported "option". I'm not sure how well the team will accept that idea.
Second, though, I'd like to point out that as it stands OpenLDAP does (or seems to, I'm no expert) support the specifications tightly and that is a good thing. Those who care about this, perhaps a dwindling community of old-fashion developers, will hopefully agree with me and consider this an opportunity to test clients for compliance, which would be more difficult if the standards are relaxed.
So I disagree with Felix that this is a show stopper and recommend staying within the boundaries of the standards as far as possible, preferably encouraging others to do the same. Let's try to envisage how Microsoft would handle this and see which situation is preferable.
Lucio.
On 2022/06/05 22:57, Felix Schäfer wrote:
Good evening,
Am 05.06.2022 um 22:00 schrieb Quanah Gibson-Mount quanah@fast-mail.org:
ou is a case insensitive attribute, there is no issue here unless poorly written applications are expecting case sensitivity to be preserved.
Ok, so what you are saying is dynlist can not be used as a drop-in replacement for memberof, correct? Fair, but maybe don’t be surprised if people get discouraged trying to use or using OpenLDAP.
Let’s go with another part of the argument. Are there other case sensitive attributes that could be part of the dn and cause a mismatch because of the casing? Would the casing be discarded in the memberOf in that case?
Anyway, we haven’t migrated yet because of such minutiae. We are not aware of one of the apps using the LDAP being case-sensitive in the memberOf (NextCloud, Zammad and Gitlab don’t seem to be?) attribute, but we’d rather not find out the hard way.
If the answer is „this is intended“, we can live with it and consider dynlist to not be a drop-in replacement for memberof and just continue using the later.
Thanks,
Felix