Scott Boggs wrote: >Del <del <at> babel.com.au> writes: > > > >>Scott Boggs wrote: >> >> >>>I am curious; I understand that LDAP does not enforce case sensitivity for >>>user names or passwords. >>>However, I am wondering if there is a method to enforce such a policy on >>>fedora-ds? I noticed the behavior earlier this week and it reminded me this >>>behavior in LDAP. I am using a older version of fds, any chance the newer >>>version addresses this? >>> >>> >>I would strongly recommend against doing this for user names (actually >>passwords are case sensitive). It's impossible to make user names in >>email addresses case sensitive (it breaks various RFCs) so there is no >>reason to make user names at the system end, where any possible MTA/MDA >>might live, case sensitive. >> >> >> > >I understand the reasons behind the case-sensitivity enforcement. However, I >need to find a method to enforce case with the usernames. There will be no >email interaction involved. Any suggestions? Thanks > > Username (specifically, the uid attribute) is configured as case insensative in the server schema - i.e. the definition of the uid attribute defines it as case insensative. This is a schema configuration issue, not a code issue or option (i.e. not something that a new version of software will change). I believe the uid attribute is defined in 00core.ldif. You probably _could_ change the definition of the attribute to make it case sensative. However, as others here have said, I'd strongly recommend not doing this - it violates rfc's, and any off-the-shelf apps you plan to integrate against your directory now or in the future may very well break in some way, possibly in unexpected ways or at unexpected times. I'd only do this if you are using this non-standard schema directory purely for internally developed apps, and only if you never plan to deploy/distribute that app outside your own organization, and even then, I'd still recommend against it for whoever inherits it from you some day in the future, or if you upgrade your directory and forget to make this modification next time around. However, if this is a purely internal app, you have full freedom to use whatever custom schema you want. Given that freedom though, I would recommend instead doing something like the following instead of modifying standard schema: 1. Create an "altuid" attribute (or whatever you want to call it) that is in the format you want - case sensative, etc. 2. Create a new objectclass, say inherited from objectclass inetorgperson. 3. Add altuid as an attribute of that objectclass. Use this objectclass when you define your users. >I am needing to force the usernames to all lowercase I was thinking that it >related to this "OID: 1.3.6.1.4.1.1466.115.121.1.26" (IA5string syntax) am I off >base? > Do you need usernames to be case sensative, or do you need them to be all lowercase? Very different thing - if you need them to be case sensative, you can do one of the things I mentioned above. If you need them to be strictly lower case, whatever you use to create users in the directory needs to validate usernames and only put in usernames that are lower case - i.e. create a custom web front end in php, perl, etc for managing users. When it creates new user entries, have that interface lowercase usernames before putting it in the uid attribute and creating the user entry. Can you expand a bit on what your application is or why it needs this? What about your application, environment, etc is driving a need for case sensative uid's or lowercase uids. Is it an issue of syncing with another environment that has these requirements/format, etc? If we knew more about what is driving this need, we may be able to provide more useful advise or suggestions. - Jeff