On 4/27/21 5:38 AM, William Brown wrote:
On 27 Apr 2021, at 09:42, Mark Reynolds <[email protected]> wrote:
On 4/26/21 3:34 PM, Ghiurea, Isabella wrote:
Hi List,
I need help with the following ldap issue , we are running
389-ds-base-1.3.7.5-24.el7_5.x86_64
-how to check if 389-DS is cfg to be case sensitive?
- how to cfg the cn attribute which is indexed in my DS to be case
sensitive ?
Sorry, you can't (shouldn't). "cn" is a standard attribute with a predefined syntax.
"cn" is used internally by the server for many things, and it is expected to be case insensitive.
Making it case-sensitive could break things in ways that would be very difficult to troubleshoot. You should
never attempt to modify the server's core schema. Especially "cn" - just look at all the entries
under cn=config...
I completely agree with Mark here. You should probably define a new custom
attribute instead that has the rules you need.
I also agree that changing a matching rule of a standard attribute is
not a good idea.
In case you want to do SRCH with 'cn' being case sensitive you may use
extensible syntax of the filter like:
# search with 'cn' using its default equality matching rule (case
insensitive)
ldapsearch -LLL ... -b 'ou=people,dc=example,dc=com' '(cn=demo user)'
dn: uid=demo_user,ou=people,dc=example,dc=com
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
uid: demo_user
cn: Demo User
displayName: Demo User
legalName: Demo User Name
uidNumber: 99998
gidNumber: 99998
homeDirectory: /var/empty
loginShell: /bin/false
# search with 'cn' using exact MR and the exact case of the 'cn' value
ldapsearch -LLL -h localhost -p 38901 -D 'cn=Directory Manager' -w
password -b 'ou=people,dc=example,dc=com' '(cn:caseExactMatch:=Demo
User)'
dn: uid=demo_user,ou=people,dc=example,dc=com
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
uid: demo_user
cn: Demo User
displayName: Demo User
legalName: Demo User Name
uidNumber: 99998
gidNumber: 99998
homeDirectory: /var/empty
loginShell: /bin/false
# the same search with exact MR but with a assertion value that
differs from attribute value
# returns no entry
ldapsearch -LLL...-b 'ou=people,dc=example,dc=com'
'(cn:caseExactMatch:=demo user)'
Note that if you are willing to us extensible search with exact MR, it
would also be good to index 'cn' with this MR (else you will trigger
unindexed search).
regards
thierry
Regards,
Mark
Thank you
Isabella
_______________________________________________
389-users mailing list --
[email protected]
To unsubscribe send an email to
[email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
