On ke, 10 loka 2018, Winfried de Heiden via FreeIPA-users wrote:
Alexander Bokovoy via FreeIPA-users schreef op 10-10-2018 12:47:
On ke, 10 loka 2018, Winfried de Heiden via FreeIPA-users wrote:
Hi all,
The Red Hat manual is not too clear about this
(https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/#users)
IdM supports user names that can be described by the following
regular expression:
[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?
Note
User names ending with the trailing dollar sign ($) are supported
to enable Samba 3.x machine support.
If you add a user whose user name contains uppercase characters,
IdM automatically converts the name to lowercase when saving it.
Therefore, IdM always requires users to enter their user names all
lowercase when logging in. Additionally, it is not possible to add
users whose user names only differ in letter casing, such as user
and User.
Having co-workers from different countries using different
languages we want to avoid "strange" character from Cyrilic,
German, Hindoi etc. etc.
Reading the docs, it suggest only plain UTF ASCII is supported, no
"strange" characters. Correct? Or else: how to avoid/not allow
non standard ASCII usernames?
ASCII, not UTF(-8). See a good presentation by Paul Gorman on the
topic:
https://paulgorman.org/technical/presentations/linux_username_conventions.pdf
While we can store UTF-8 in 'uid' attribute in LDAP, POSIX systems are
what practically limits us here.
OK, it's stored in UTF-8, which supports an awfull lot of
characters... But IPA seems to protect us:
ipa user-add --first="ßuper" --last="üser" ßuperüser
ipa: ERROR: invalid 'login': may only include letters, numbers, _, -,
. and $
As I said, POSIX systems are the limit, thus IPA limits you to have uid
as POSIX standard requires.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org