Re: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)
Charlie <medievalist@gmail.com> Thu, 03 December 2015 23:24 UTC
Return-Path: <medievalist@gmail.com>
X-Original-To: ldapext@ietfa.amsl.com
Delivered-To: ldapext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64FC71A1A17 for <ldapext@ietfa.amsl.com>; Thu, 3 Dec 2015 15:24:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ne-0QsWx05-b for <ldapext@ietfa.amsl.com>; Thu, 3 Dec 2015 15:24:33 -0800 (PST)
Received: from mail-lf0-x235.google.com (mail-lf0-x235.google.com [IPv6:2a00:1450:4010:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C63F71A1A04 for <ldapext@ietf.org>; Thu, 3 Dec 2015 15:24:32 -0800 (PST)
Received: by lfaz4 with SMTP id z4so101292393lfa.0 for <ldapext@ietf.org>; Thu, 03 Dec 2015 15:24:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3ZwgWQG2NAdNOVBecbrm3OCjXbh2ggN3ZVW00fBx/Vw=; b=XFQSEYb8nrSvoLD5X0FDG7lgjlBF4CLa2bNs4TG5JZ7NNI7PJ3lFi48BQjPst11xBS t3Fwplke5Po6s/G4V1OKWAHGj/NN/XhKW092haA6rP2dN5K4Fo6sUIYC726lM2MejmNi pNF3/NOEnkhsJEoS8SvdeDhoESMv7oQkWZHwexn8HJ039V2fPa22MWqm/WP4HiiMgwiu ufebz9oBLWbOdROXBf7v1xRLpPNjcQP5K7mRZJYkuaN1v4m+9Oz6cTD1ihMp+5QXd3fU mrq0RpPVnzSJ34YlgskAvwIlQpkhPHGPUesIWzq6iB/wBn4Ehq0hLLisE9Mx7/RqBNrY ds2A==
MIME-Version: 1.0
X-Received: by 10.25.29.205 with SMTP id d196mr6740310lfd.81.1449185071031; Thu, 03 Dec 2015 15:24:31 -0800 (PST)
Received: by 10.114.80.193 with HTTP; Thu, 3 Dec 2015 15:24:30 -0800 (PST)
In-Reply-To: <5660C9ED.7040000@oracle.com>
References: <5655E4F0.7030809@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F618A3@OZWEX0209N1.msad.ms.com> <565CAC30.6010701@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F8EAFD@OZWEX0209N2.msad.ms.com> <565DDE78.5030908@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F8F30E@OZWEX0209N2.msad.ms.com> <565F1EB2.9060405@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F90F3A@OZWEX0209N2.msad.ms.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F90F6F@OZWEX0209N2.msad.ms.com> <56607926.1080306@oracle.com> <CAJb3uA4n+9LMj2gMYg_CA-YLechhnxk4mDsRQ2am+zeu-Veq1w@mail.gmail.com> <5660C9ED.7040000@oracle.com>
Date: Thu, 03 Dec 2015 18:24:30 -0500
Message-ID: <CAJb3uA7Dsazhw2oVhoDsANQoeADQipqUWmMQ4wzM-4V5M8Z3tA@mail.gmail.com>
From: Charlie <medievalist@gmail.com>
To: Jordan Brown <Jordan.Brown@oracle.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/4TRdjAIDviWag76J85njz7YUwDE>
Cc: "ldapext@ietf.org" <ldapext@ietf.org>
Subject: Re: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)
X-BeenThere: ldapext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: LDAP Extension Working Group <ldapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ldapext>, <mailto:ldapext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ldapext/>
List-Post: <mailto:ldapext@ietf.org>
List-Help: <mailto:ldapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 23:24:34 -0000
On Thu, Dec 3, 2015 at 6:02 PM, Jordan Brown <Jordan.Brown@oracle.com> wrote: > On 12/3/2015 2:45 PM, Charlie wrote: >> >> Well, in a cleanly integrated environment, I'd expect to see most >> users' Microsoft SamAccountName and POSIX uid be identical lower-cased >> strings less than 20 characters long. I believe all currently >> shipping LDAP directory implementations support the necessary schema. >> Certainly AD and OpenLDAP both do. >> >> SamAccountName should be case-insensitive, uid should be >> case-sensitive. > > If sAMAccountName and uid are identical, and sAMAccountName is > case-insensitive, doesn't that mean that you can't have two users whose > 'uid' differs only in case? I think you missed the word "most"? Normal user accounts being created today would be unlikely to differ from each other only in case. Just old stuff and unique hacks. > It would seem that the only visible effect of such a configuration is that > an attempt to look up a wrong-case name on UNIX would fail, which is > compatible in some sense but doesn't seem to really add any value over > case-insensitivity. I see compatibility with published standards and system documentation as being vastly more valuable than catering to typing mistakes, but obviously that's just my opinion. More importantly, *nix tools and system utilities are going to make case-sensitive comparisons of usernames internally, so if your name service daemons aren't case-sensitive as well, *nix-based systems are likely to be subtly broken. Comparisons aren't restricted to the LDAP service host, they happen on the local OS too - including in site-developed code that was built to documented standards. --Charlie
- Re: [ldapext] DBIS commentary Bannister, Mark
- Re: [ldapext] DBIS commentary Steven Legg
- Re: [ldapext] DBIS commentary Simo Sorce
- Re: [ldapext] DBIS commentary Charlie
- Re: [ldapext] DBIS commentary Jordan Brown
- Re: [ldapext] DBIS commentary Bannister, Mark
- Re: [ldapext] DBIS commentary Ludovic Poitou
- Re: [ldapext] DBIS commentary Jordan Brown
- Re: [ldapext] DBIS commentary Charlie
- Re: [ldapext] DBIS commentary Jordan Brown
- [ldapext] Case sensitivity of user/group names (w… Jordan Brown
- Re: [ldapext] DBIS commentary Simo Sorce
- Re: [ldapext] DBIS commentary Simo Sorce
- [ldapext] Using groupOfNames (or similar) for UNI… Jordan Brown
- Re: [ldapext] DBIS commentary Bannister, Mark
- Re: [ldapext] Case sensitivity of user/group name… Bannister, Mark
- Re: [ldapext] DBIS commentary Jordan Brown
- Re: [ldapext] Using groupOfNames (or similar) for… Simo Sorce
- Re: [ldapext] Using groupOfNames (or similar) for… Jordan Brown
- Re: [ldapext] Using groupOfNames (or similar) for… Simo Sorce
- Re: [ldapext] DBIS commentary Bannister, Mark
- Re: [ldapext] DBIS commentary Bannister, Mark
- Re: [ldapext] Case sensitivity of user/group name… Jordan Brown
- Re: [ldapext] DBIS commentary Jordan Brown
- Re: [ldapext] Case sensitivity of user/group name… Charlie
- Re: [ldapext] Case sensitivity of user/group name… Jordan Brown
- Re: [ldapext] Case sensitivity of user/group name… Charlie
- Re: [ldapext] Case sensitivity of user/group name… Jordan Brown
- Re: [ldapext] Case sensitivity of user/group name… Oza, Dhairesh
- [ldapext] Case sensitivity summary Andrew Findlay
- Re: [ldapext] Case sensitivity summary Michael Ströder
- [ldapext] draft-masarati-ldap-deref as ldapext wo… Michael Ströder
- Re: [ldapext] Case sensitivity summary Simo Sorce
- Re: [ldapext] draft-masarati-ldap-deref as ldapex… Howard Chu
- Re: [ldapext] draft-masarati-ldap-deref as ldapex… Simo Sorce
- Re: [ldapext] Case sensitivity summary Andrew Findlay
- Re: [ldapext] Case sensitivity summary Michael Ströder
- Re: [ldapext] Using groupOfNames (or similar) for… Andrew Findlay
- Re: [ldapext] Case sensitivity of user/group name… Jordan Brown
- Re: [ldapext] Case sensitivity summary Bannister, Mark
- Re: [ldapext] Case sensitivity summary Andrew Findlay
- Re: [ldapext] Case sensitivity summary Bannister, Mark