Hi,

SSSD 1.7 will bring a new feature - the ability to mark a domain as "case
insensitive".

As implemented currently, if a domain is case-insensitive, SSSD would
store a lowercased alias in addition to the real name and lowercase all
queries for that domain so that they match on the alias. However, SSSD
would still return the original case-sensitive name from the NSS
provider. For example, it is possible to look up a user "Foo" with
"getent passwd foo", but getent would still return
"Foo:*:uid:gid:Foo:/home/Foo:/bin/bash".

One of our users logged https://fedorahosted.org/sssd/ticket/1123 requesting
that we also lowercase the *result*. I'm not sure it's the right thing to
do; I implemented the case sensitivity feature the way I did on purpose,
thinking that we still want to return the *real* user name much like we
do for multiple CN attributes.

I would appreciate more opinions on this. One of the reasons for
implementing this feature in the first place was Windows SSO[1] - I
admit I haven't tested this particular scenario, but I think what we
have now would suffice so that name lookups would work regardless of
case.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
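
The lookup behaviour described in the message above, modelled as an added Python example (not SSSD code and not part of the original post). The `Domain` class, its methods and the `lowercase_result` flag are hypothetical; lowercasing only the name field for the ticket's request is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Domain:
    """Toy model of a cache for one domain (hypothetical, not SSSD's schema)."""
    name: str
    case_sensitive: bool = True
    _entries: dict = field(default_factory=dict, init=False)  # real name -> fields
    _aliases: dict = field(default_factory=dict, init=False)  # lowercased -> real name

    def store(self, user, uid, gid, shell="/bin/bash"):
        # The real name is always kept; a case-insensitive domain
        # additionally stores a lowercased alias pointing at it.
        self._entries[user] = (uid, gid, f"/home/{user}", shell)
        if not self.case_sensitive:
            self._aliases[user.lower()] = user

    def getpwnam(self, query, lowercase_result=False):
        if self.case_sensitive:
            real = query if query in self._entries else None
        else:
            # Queries are lowercased so that they match on the alias.
            real = self._aliases.get(query.lower())
        if real is None:
            return None
        uid, gid, home, shell = self._entries[real]
        # Behaviour from the message: return the real name.
        # Behaviour asked for in the ticket: lowercase the returned name
        # (assumption: only the first field changes).
        shown = real.lower() if lowercase_result else real
        return f"{shown}:*:{uid}:{gid}:{real}:{home}:{shell}"


def returned_name(entry):
    """First passwd field, i.e. the name a caller of the lookup sees."""
    return entry.split(":", 1)[0]


if __name__ == "__main__":
    ci = Domain("example", case_sensitive=False)
    ci.store("Foo", 1000, 1000)  # constructed sample user
    for q in ("foo", "FOO", "Foo"):
        entry = ci.getpwnam(q)
        # A caller comparing the returned name with what it asked for
        # sees a mismatch whenever the query case differs from the real name.
        print(q, "->", entry, "| same as query:", returned_name(entry) == q)
    print("ticket behaviour:", ci.getpwnam("FOO", lowercase_result=True))
```
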
