Bonsoir, 2015-02-27 22:10 GMT+01:00 Bram Cymet <[email protected]>:
> Hi, > > I am using openldap 2.4.26. My system ignores case when doing binds: > > Feb 27 16:08:08 devauth slapd[2437]: conn=2723 op=1 BIND > dn="[email protected],ou=test_websales_users,dc=ls,dc=cbn" method=128 > Feb 27 16:08:08 devauth slapd[2437]: => bdb_entry_get: found entry: > "[email protected],ou=test_websales_users,dc=ls,dc=cbn" > > So this happily binds with [email protected] or [email protected] and > returns the same entry. > That's because the "uid" attribute type is case insensitive. Taken from RFC4519: ( 0.9.2342.19200300.100.1.1 NAME 'uid' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) > Is this a configuration error on my part? Is it possible to have case > sensitive binds and if so what do I have to change? > You could define your own attribute type and declare another matching rule for it (caseExactMatch, for example). And use this attribute instead of "uid". Or consider that "[email protected]" is the same "[email protected]", just louder. -- Erwann.
