[Fedora-directory-users] Re: Username Case Sensitivity

Jeff Clowser jclowser at unitedmessaging.com
Mon Feb 20 18:11:55 UTC 2006


Scott Boggs wrote:

>Del <del <at> babel.com.au> writes:
>
>>Scott Boggs wrote:
>>
>>>I am curious; I understand that LDAP does not enforce case sensitivity for
>>>user names or passwords.
>>>However, I am wondering if there is a method to enforce such a policy on
>>>fedora-ds?  I noticed the behavior earlier this week and it reminded me this
>>>behavior in LDAP. I am using an older version of fds, any chance the newer 
>>>version addresses this? 
>>
>>I would strongly recommend against doing this for user names (actually
>>passwords are case sensitive).  It's impossible to make user names in
>>email addresses case sensitive (it breaks various RFCs) so there is no
>>reason to make user names at the system end, where any possible MTA/MDA
>>might live, case sensitive.
>>
>
>I understand the reasons behind the case-sensitivity enforcement.  However, I
>need to find a method to enforce case with the usernames.  There will be no
>email interaction involved. Any suggestions?  Thanks

Username (specifically, the uid attribute) is configured as case 
insensitive in the server schema - i.e. the definition of the uid 
attribute defines it as case insensitive.  This is a schema 
configuration issue, not a code issue or option (i.e. not something that 
a new version of software will change).

I believe the uid attribute is defined in 00core.ldif.  You probably 
_could_ change the definition of the attribute to make it case 
sensitive.  However, as others here have said, I'd strongly recommend 
not doing this - it violates RFCs, and any off-the-shelf apps you plan 
to integrate against your directory now or in the future may very well 
break in some way, possibly in unexpected ways or at unexpected times.

I'd only do this if you are using this non-standard schema directory 
purely for internally developed apps, and only if you never plan to 
deploy/distribute that app outside your own organization, and even then, 
I'd still recommend against it for whoever inherits it from you some day 
in the future, or if you upgrade your directory and forget to make this 
modification next time around.

However, if this is a purely internal app, you have full freedom to use 
whatever custom schema you want.  Given that freedom though, I would 
recommend instead doing something like the following instead of 
modifying standard schema:

1.  Create an "altuid" attribute (or whatever you want to call it) that 
is in the format you want - case sensitive, etc.
2.  Create a new objectclass, say inherited from objectclass inetorgperson.
3.  Add altuid as an attribute of that objectclass.

Use this objectclass when you define your users.

>I am needing to force the usernames to all lowercase. I was thinking that it
>related to this "OID: 1.3.6.1.4.1.1466.115.121.1.26" (IA5string syntax). Am I off
>base?
>
Do you need usernames to be case sensitive, or do you need them to be 
all lowercase?  Very different thing - if you need them to be case 
sensitive, you can do one of the things I mentioned above.  If you need 
them to be strictly lower case, whatever you use to create users in the 
directory needs to validate usernames and only put in usernames that are 
lower case - i.e. create a custom web front end in php, perl, etc for 
managing users.  When it creates new user entries, have that interface 
lowercase usernames before putting them in the uid attribute and creating 
the user entry.


Can you expand a bit on what your application is or why it needs this?  
What about your application, environment, etc is driving a need for case 
sensitive uids or lowercase uids?  Is it an issue of syncing with 
another environment that has these requirements/format, etc?  If we knew 
more about what is driving this need, we may be able to provide more 
useful advice or suggestions.

 - Jeff
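
The lowercase-at-provisioning approach described in the message above, as an added example that is not part of the original post or of Fedora DS: a front-end helper that lowercases and validates a requested username, rejects names that collide once case is ignored (which is how the directory matches uid), and emits the LDIF for the new entry. The function names, the naming policy and the suffix ou=People,dc=example,dc=com are assumptions.

```python
import base64
import re

# Assumption: site policy is a lowercase letter followed by up to 31 of
# [a-z0-9._-]. None of these characters needs escaping inside a DN.
UID_POLICY = re.compile(r"[a-z][a-z0-9._-]{0,31}")
BASE_DN = "ou=People,dc=example,dc=com"  # constructed sample suffix


class UidError(ValueError):
    """Raised when a requested username cannot be provisioned."""


def normalize_uid(requested: str) -> str:
    """Return the lowercase form that will be stored in the uid attribute."""
    uid = requested.strip().lower()
    if not UID_POLICY.fullmatch(uid):
        raise UidError(f"username {requested!r} violates the naming policy")
    return uid


def check_unique(uid: str, existing_uids) -> None:
    """The directory matches uid ignoring case, so compare the same way."""
    if uid in {u.lower() for u in existing_uids}:
        raise UidError(f"username {uid!r} already exists (ignoring case)")


def ldif_line(attr: str, value: str) -> str:
    """Emit one LDIF line, base64-encoding values that are not plain-safe
    (non-ASCII, control characters such as newlines, leading ' ', ':' or '<')."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_entry(requested: str, cn: str, sn: str, existing_uids=()) -> str:
    """Validate the request and return the LDIF for the new user entry."""
    uid = normalize_uid(requested)
    check_unique(uid, existing_uids)
    lines = [f"dn: uid={uid},{BASE_DN}"]
    lines += [f"objectClass: {oc}" for oc in
              ("top", "person", "organizationalPerson", "inetOrgPerson")]
    lines += [f"uid: {uid}", ldif_line("cn", cn), ldif_line("sn", sn)]
    return "\n".join(lines) + "\n"
```

In use, existing_uids would come from a search of the directory before the add; here it is passed in so the check can be exercised offline.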



