[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Checking authzTo case-sensitive
> Michael Ströder wrote:
>> HI!
>>
>> checking a DN sent by proxy authorization control against authzTo seems
>> to be case-sensitive. Or better said: DNs in the attribute value of
>> authzTo must be lower-cased to make matching work.
>>
>> Is that by purpose?
>
> Well, OpenLDAP introduced a specific syntax for authzTo/authzFrom which
> parses the values and validates/compares them accodring to the contents.
> The DN portion is usually compared by means of the dnMatch function,
> which takes care of case as appropriate for each AVA pair.
Partial correction: authz syntax is enabled by default in 2.4, while in
2.3 it's still protected by an #ifdef LDAP_DEVEL. As a consequence, yes,
any DN must be in the form it would appear after normalization.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------