Re: [ldapext] Case sensitivity of user/group names (was Re: DBIS commentary)

Charlie <medievalist@gmail.com> Thu, 03 December 2015 22:45 UTC

To: Jordan Brown <Jordan.Brown@oracle.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/y_YfwnU02Np01fBHcErMQxwKmT4>
Cc: "ldapext@ietf.org" <ldapext@ietf.org>

Well, in a cleanly integrated environment, I'd expect to see most
users' Microsoft SamAccountName and POSIX uid be identical lower-cased
strings less than 20 characters long.  I believe all currently
shipping LDAP directory implementations support the necessary schema.
Certainly AD and OpenLDAP both do.

SamAccountName should be case-insensitive, uid should be
case-sensitive.  If you use each one appropriately in the environment
for which it is intended, you can let POSIX sysadmins and Windows
sysadmins retain whatever preferences, whims or bigotries they
treasure.  End users will be able to use all their systems as the
documentation directs them, and programmers will be able to rely on
their man pages, etc.

I just don't see any significant advantages to using a single naming
attribute shared with other systems.   Why bother?   It's all pain, no
gain.  Keeping case-sensitive and case-insensitive versions of user
identifiers is easier and gives better results.  All software on the
local node will perform as expected, and no OS documentation needs to
be rewritten.

--Charlie
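
An added example, not part of the original message: a small audit that checks directory entries against the convention described above (sAMAccountName and uid as identical lower-cased strings under 20 characters) and flags uid values that are distinct under case-sensitive matching but would merge under case-insensitive matching. The sample entries are constructed, the function and finding names are hypothetical, and `str.casefold()` stands in for the directory's case-insensitive matching rule as an assumption.

```python
from collections import defaultdict

MAX_LEN = 20  # the message expects names "less than 20 characters long"

# Constructed sample entries (not from any real directory).
ENTRIES = [
    {"dn": "cn=Alice,ou=people,dc=example,dc=org", "sAMAccountName": "alice", "uid": "alice"},
    {"dn": "cn=Bob,ou=people,dc=example,dc=org", "sAMAccountName": "Bob", "uid": "bob"},
    {"dn": "cn=Carol,ou=people,dc=example,dc=org", "sAMAccountName": "carol", "uid": "carol"},
    {"dn": "cn=Carol2,ou=people,dc=example,dc=org", "sAMAccountName": "carol2", "uid": "Carol"},
]

def sam_equal(a, b):
    """Case-insensitive comparison, as the message asks for sAMAccountName."""
    return a.casefold() == b.casefold()

def uid_equal(a, b):
    """Case-sensitive comparison, as the message asks for POSIX uid."""
    return a == b

def audit(entries):
    """Return (subject, finding) pairs for entries that break the convention."""
    findings = []
    folded = defaultdict(set)  # case-folded uid -> exact spellings seen
    for e in entries:
        sam, uid = e["sAMAccountName"], e["uid"]
        if not uid_equal(sam, uid):
            findings.append((e["dn"], "sam-uid-differ"))
        if uid != uid.lower() or sam != sam.lower():
            findings.append((e["dn"], "not-lowercase"))
        if len(uid) >= MAX_LEN or len(sam) >= MAX_LEN:
            findings.append((e["dn"], "too-long"))
        folded[uid.casefold()].add(uid)
    # uids that are different accounts on POSIX but that a
    # case-insensitive consumer would treat as the same name
    for key, variants in folded.items():
        if len(variants) > 1:
            findings.append((key, "uid-case-collision"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(ENTRIES):
        print(f"{finding:20} {subject}")
```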