Earlier, someone (I think Alexander?) mentioned off-list that since the
sudocmd attribute is case-sensitive, it should be compared as
case-sensitive when used in the DN, so this is a directory server bug.
I found now that ipalib.dn.AVA.__eq__'s docstring says:
The value comparison is also case insensitive because the all [sic]
attribute types used in a DN are derived from the 'name'
atribute type (OID 220.127.116.11) whose EQUALITY MATCH RULE is
We do case-insensitive compares on DNs, and there's no easy way to
change this (the DN code knows nothing about a particular schema,
including case-sensitivity of its attributes).
So however DS is supposed to work (I don't have a manual handy), we're
pretty much committed to case-insensitive attributes in DNs.
Freeipa-devel mailing list