On 2/5/21 8:03 PM, Viktor Dukhovni wrote: > I am not 100% sure that all LDAP lookups would necessarily > be using lookup keys with case-insensitive matching rules.
This is declared in matching rules of the attribute type description found in the subschema. > For example, maps that query accounts by "uid", might need case > folding, because the "uid" namespace might be case-sensitive, but for > email we generally allow case-insensitive addressing. This is a can of worms. But today all LDAP servers I know of implemented case-insensitive matching for uid and mail in their default config: https://tools.ietf.org/html/rfc4519#section-2.39 https://tools.ietf.org/html/rfc4524#section-2.16 Strictly speaking this is wrong in the light of POSIX defining "name" to be case-sensitive while RFC 2307 using 'uid' and local-part of mail addresses being defined as case-sensitive. But what the hey... Ciao, Michael. P.S.: My Æ-DIR forces uid values to be lower-case because of this ambiguity.
