Hi again, Sorry. I wasn't enough clear in my answer.
Of course you shouldn't normalize the data in the LDAP-catalogue. The problem is that the user supplies the user identity arbitrary that wy CAS have to return the values stored in the back line authentications system or else CAS is not user friendly or application friendly. Handle the pain where it's easiest. Pål Axelsson > -----Ursprungligt meddelande----- > Från: [email protected] [mailto:[email protected]] > För Michael Ströder > Skickat: den 29 januari 2009 23:46 > Till: Yale CAS mailing list > Ämne: Re: SV: Userid toLowerCase > > Pål Axelsson wrote: > > > > If an attribute is case insensitive or not is up to the schema > > definition. > > Yes. But each schema definition of all application databases with user > data (e.g. authz information) has to declare the user's ID as > case-insensitive. Or better said: The equality matching when looking up > user data in each database has to be case-insensitive. Therefore one > also has to fix the application databases. > > > In RFC 4517 where uid is defined it clearly states that uid is case > > insenstive so CAS should handle this out of the box. > > Strictly speaking the definition of LDAP matching rules in RFC 4517 > only > specifies how the LDAP server is supposed to perform the matching when > searching for entries. That's not the problem of the original poster. > > > The easiest way is to return the uid instead of the user supplied > > user id. > > Whatever that means in your setup. ;-) > > > This way it doesn't matter what the user supplies, it > > returnes the correct value to the application. > > Note that while most LDAP servers implement a case-insensitive matching > when searching entries the storage of attribute values is implemented > in > a case-respecting fashion without any normalization. Which means you > could actually have mixed-case values for attribute 'uid'. And then > you're back to the original problem. > > Don't mess equality matching for searching with storing normalized > values. > > Ciao, Michael. > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
