[Date Prev][Date Next] [Chronological] [Thread] [Top]

Case (in)sensitivity in "by set" ACL?

To: openldap-software@OpenLDAP.org
Subject: Case (in)sensitivity in "by set" ACL?
From: Matt Benjamin <matt@linuxbox.com>
Date: Tue, 18 Apr 2006 20:13:38 -0400
User-agent: Thunderbird 1.5 (X11/20051201)

We have a number of ACLs, in production on OpenLDAP 2.2.26, which are of the form:

  by set="user/eduPersonAffiliation* & [Faculty]" read

where the case of the attribute value in a given entry matches the ACL as shown, and the eduPersonAffiliation attribute is caseIgnoreMatch/caseIgnoreIA5SubstringsMatch.

In testing these ACLs on 2.3.21, I found that the ACLs never match, because the bvals returned from the entry () are returned as downcased, but the comparison apparently is done case sensitively.

I assume this behavior could be correct, although it seems illogical, and has apparently changed. In any case, is this the defined or intended behavior?

Thanks,

--

Matt Benjamin

The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104

http://linuxbox.com

tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309

Follow-Ups:
- Re: Case (in)sensitivity in 'by set' ACL?
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: verification
Next by Date: rewrite rule in slapd.conf
Index(es):
- Chronological
- Thread