IETF Logo Mail Archive

Re: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)

"Oza, Dhairesh" <Dhairesh.Oza@netapp.com> Fri, 04 December 2015 07:11 UTC

Return-Path: <Dhairesh.Oza@netapp.com>
X-Original-To: ldapext@ietfa.amsl.com
Delivered-To: ldapext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE6F1ACEB0 for <ldapext@ietfa.amsl.com>; Thu, 3 Dec 2015 23:11:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S8i5lEi1_y5A for <ldapext@ietfa.amsl.com>; Thu, 3 Dec 2015 23:11:00 -0800 (PST)
Received: from mx142.netapp.com (mx142.netapp.com [216.240.21.19]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4568F1B2E64 for <ldapext@ietf.org>; Thu, 3 Dec 2015 23:10:58 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.20,380,1444719600"; d="scan'208";a="80834854"
Received: from hioexcmbx05-prd.hq.netapp.com ([10.122.105.38]) by mx142-out.netapp.com with ESMTP; 03 Dec 2015 23:05:58 -0800
Received: from HIOEXCMBX04-PRD.hq.netapp.com (10.122.105.37) by hioexcmbx05-prd.hq.netapp.com (10.122.105.38) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 3 Dec 2015 23:05:58 -0800
Received: from HIOEXCMBX04-PRD.hq.netapp.com ([::1]) by hioexcmbx04-prd.hq.netapp.com ([fe80::107a:3106:443b:1db%21]) with mapi id 15.00.1130.005; Thu, 3 Dec 2015 23:05:58 -0800
From: "Oza, Dhairesh" <Dhairesh.Oza@netapp.com>
To: Charlie <medievalist@gmail.com>, Jordan Brown <Jordan.Brown@oracle.com>
Thread-Topic: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)
Thread-Index: AQHRLe6O+FgodCN8CUyJPi8xgUdUmJ66YtIAgAAEroCAAAZDAP//5pwg
Date: Fri, 04 Dec 2015 07:05:57 +0000
Message-ID: <8f2da2363f684ec6bc95f8046dd81bd3@hioexcmbx04-prd.hq.netapp.com>
References: <5655E4F0.7030809@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F618A3@OZWEX0209N1.msad.ms.com> <565CAC30.6010701@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F8EAFD@OZWEX0209N2.msad.ms.com> <565DDE78.5030908@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F8F30E@OZWEX0209N2.msad.ms.com> <565F1EB2.9060405@oracle.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F90F3A@OZWEX0209N2.msad.ms.com> <814F4E458AA9FF4E89CF1A9EDA0DE2A932F90F6F@OZWEX0209N2.msad.ms.com> <56607926.1080306@oracle.com> <CAJb3uA4n+9LMj2gMYg_CA-YLechhnxk4mDsRQ2am+zeu-Veq1w@mail.gmail.com> <5660C9ED.7040000@oracle.com> <CAJb3uA7Dsazhw2oVhoDsANQoeADQipqUWmMQ4wzM-4V5M8Z3tA@mail.gmail.com>
In-Reply-To: <CAJb3uA7Dsazhw2oVhoDsANQoeADQipqUWmMQ4wzM-4V5M8Z3tA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.122.56.79]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/msVZL0JekoDJKDxsY44Paxi-Ejk>
Cc: "ldapext@ietf.org" <ldapext@ietf.org>
Subject: Re: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)
X-BeenThere: ldapext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: LDAP Extension Working Group <ldapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ldapext>, <mailto:ldapext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ldapext/>
List-Post: <mailto:ldapext@ietf.org>
List-Help: <mailto:ldapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2015 07:11:04 -0000

> 
> > It would seem that the only visible effect of such a configuration is
> > that an attempt to look up a wrong-case name on UNIX would fail, which
> > is compatible in some sense but doesn't seem to really add any value
> > over case-insensitivity.
> 
> I see compatibility with published standards and system documentation as
> being vastly more valuable than catering to typing mistakes, but obviously
> that's just my opinion.
> 
> More importantly, *nix tools and system utilities are going to make case-
> sensitive comparisons of usernames internally, so if your name service
> daemons aren't case-sensitive as well, *nix-based systems are likely to be
> subtly broken.  Comparisons aren't restricted to the LDAP service host, they
> happen on the local OS too - including in site-developed code that was built to
> documented standards.
 
They shouldn't be comparing names but uids/gids. Most tools and file systems do this. As long as the source for look-up is always LDAP for both the client and server and it handles the cases consistently, there should not be any problem. When specifying usernames in configs (like owner on files), it would be nice if case didn't matter.

So I agree with earlier comments that changing usernames that differ only in cases is a onetime pain that can be borne during the transition to LDAP from NIS.

Rgds
Dhairesh

> --Charlie
> 
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www.ietf.org/mailman/listinfo/ldapext

v2.23.0 | Report a Bug | By Email