On Thu, Sep 26, 2013 at 4:44 AM, Ralf Haferkamp <rha...@suse.de> wrote:
> > As Dolph already suggested we should not allow usernames that just differ > in > capitalization ("JDoe" vs. "jdoe") to co-exist. (Which could be an > argument > for handling users case-insensitive in general) > This enforcement should be handled by the LDAP server if the organization thinks it's important to have users with names unique without respect for capitalization. LDAP servers can also enforce normal security enhancers like password strength, expiration, and locking out users after invalid logins that the SQL backend doesn't support. My recommendation is that Keystone should get away from dealing with creating/updating users to avoid reinventing the wheel (and making a wheel that's missing bells and whistles). If comparing user names is a problem, let's limit it to our custom SQL backend and not let it spread to other more featureful backends. - Brant
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev