Scott Boggs wrote:
Del <del <at> babel.com.au> writes:
Scott Boggs wrote:
I am curious; I understand that LDAP does not enforce case sensitivity for
user names or passwords.
However, I am wondering if there is a method to enforce such a policy on
fedora-ds? I noticed the behavior earlier this week and it reminded me this
behavior in LDAP. I am using a older version of fds, any chance the newer
version addresses this?
I would strongly recommend against doing this for user names (actually
passwords are case sensitive). It's impossible to make user names in
email addresses case sensitive (it breaks various RFCs) so there is no
reason to make user names at the system end, where any possible MTA/MDA
might live, case sensitive.
I understand the reasons behind the case-sensitivity enforcement. However, I
need to find a method to enforce case with the usernames. There will be no
email interaction involved. Any suggestions? Thanks
Username (specifically, the uid attribute) is configured as case
insensative in the server schema - i.e. the definition of the uid
attribute defines it as case insensative. This is a schema
configuration issue, not a code issue or option (i.e. not something that
a new version of software will change).
I believe the uid attribute is defined in 00core.ldif. You probably
_could_ change the definition of the attribute to make it case
sensative. However, as others here have said, I'd strongly recommend
not doing this - it violates rfc's, and any off-the-shelf apps you plan
to integrate against your directory now or in the future may very well
break in some way, possibly in unexpected ways or at unexpected times.
I'd only do this if you are using this non-standard schema directory
purely for internally developed apps, and only if you never plan to
deploy/distribute that app outside your own organization, and even then,
I'd still recommend against it for whoever inherits it from you some day
in the future, or if you upgrade your directory and forget to make this
modification next time around.
However, if this is a purely internal app, you have full freedom to use
whatever custom schema you want. Given that freedom though, I would
recommend instead doing something like the following instead of
modifying standard schema:
1. Create an "altuid" attribute (or whatever you want to call it) that
is in the format you want - case sensative, etc.
2. Create a new objectclass, say inherited from objectclass inetorgperson.
3. Add altuid as an attribute of that objectclass.
Use this objectclass when you define your users.
I am needing to force the usernames to all lowercase I was thinking that it
related to this "OID: 1.3.6.1.4.1.1466.115.121.1.26" (IA5string syntax) am I off
base?
Do you need usernames to be case sensative, or do you need them to be
all lowercase? Very different thing - if you need them to be case
sensative, you can do one of the things I mentioned above. If you need
them to be strictly lower case, whatever you use to create users in the
directory needs to validate usernames and only put in usernames that are
lower case - i.e. create a custom web front end in php, perl, etc for
managing users. When it creates new user entries, have that interface
lowercase usernames before putting it in the uid attribute and creating
the user entry.
Can you expand a bit on what your application is or why it needs this?
What about your application, environment, etc is driving a need for case
sensative uid's or lowercase uids. Is it an issue of syncing with
another environment that has these requirements/format, etc? If we knew
more about what is driving this need, we may be able to provide more
useful advise or suggestions.
- Jeff
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
