[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Case (in)sensitivity in "by set" ACL?
We have a number of ACLs, in production on OpenLDAP 2.2.26, which are of
the form:
by set="user/eduPersonAffiliation* & [Faculty]" read
where the case of the attribute value in a given entry matches the ACL
as shown, and the eduPersonAffiliation attribute is
caseIgnoreMatch/caseIgnoreIA5SubstringsMatch.
In testing these ACLs on 2.3.21, I found that the ACLs never match,
because the bvals returned from the entry () are returned as downcased,
but the comparison apparently is done case sensitively.
I assume this behavior could be correct, although it seems illogical,
and has apparently changed. In any case, is this the defined or
intended behavior?
Thanks,
--
Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI 48104
http://linuxbox.com
tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309