[Date Prev][Date Next] [Chronological] [Thread] [Top]

Case (in)sensitivity in "by set" ACL?



We have a number of ACLs, in production on OpenLDAP 2.2.26, which are of the form:

  by set="user/eduPersonAffiliation* & [Faculty]" read

where the case of the attribute value in a given entry matches the ACL as shown, and the eduPersonAffiliation attribute is caseIgnoreMatch/caseIgnoreIA5SubstringsMatch.

In testing these ACLs on 2.3.21, I found that the ACLs never match, because the bvals returned from the entry () are returned as downcased, but the comparison apparently is done case sensitively.

I assume this behavior could be correct, although it seems illogical, and has apparently changed. In any case, is this the defined or intended behavior?

Thanks,

--

Matt Benjamin

The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104

http://linuxbox.com

tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309