On Sun, 2008-01-06 at 17:35 -0800, Howard Chu wrote:
Howard Chu wrote:
It's not just perfectly valid, it is exactly correct. RFC4519 defines the attribute name to be 'cn' and we always return the canonical name for a given attribute. As always with Microsoft, AD is a broken abomination.
Of course, the point remains that attribute names are case-insensitive, and any user doing a case-sensitive compare on the attribute names is begging for disappointment.
I know we've had this conversation before, but I think it bears repeating - you don't always need to be bug-for-bug compatible with Microsoft.
Perhaps it's my history with this area, or working in for appliance vendors in the past, but I've never quite had the luxuary of being able to say 'our users will understand, we are doing it right'.
Of course things will be different, and the network interfaces won't quite match up, but the lesson the team has had so often is until your tests prove you are byte-for-byte idential, something will break...
So weigh that into your bug-for-bug-compatibility considerations - over time, Samba+OpenLDAP will be the #1 directory deployed in Windows environments, just as it already is in Unix/Linux environments. As long as neither one of us badly screws up the code bases it is inevitable. So some places where you bend over backwards to accommodate Microsoft's flagrant disregard of open standards won't be so important down the road, because we are the de jure standard and will be the de facto standard.
In the meantime, I have to hope we can produce something that can get us into the position. How do we slip into an IT department that already has it's scripts, processes and stubbornly, poorly written software, without breaking the lot?
Andrew Bartlett