Re: Case Sensitive Binds

[Erwann Abalea <eabalea@gmail.com>]

Bonsoir,

2015-02-27 22:10 GMT+01:00 Bram Cymet <bcymet@cbnco.com>:

Hi,

I am using openldap 2.4.26. My system ignores case when doing binds:

Feb 27 16:08:08 devauth slapd[2437]: conn=2723 op=1 BIND
dn="uid=Bcymet@cbnco.com,ou=test_websales_users,dc=ls,dc=cbn" method=128
Feb 27 16:08:08 devauth slapd[2437]: => bdb_entry_get: found entry:
"uid=bcymet@cbnco.com,ou=test_websales_users,dc=ls,dc=cbn"

So this happily binds with bcymet@cbnco.com or Bcymet@cbnco.com and
returns the same entry.

That's because the "uid" attribute type is case insensitive.

Taken from RFC4519:

( 0.9.2342.19200300.100.1.1 NAME 'uid'

         EQUALITY caseIgnoreMatch

         SUBSTR caseIgnoreSubstringsMatch

         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 

 

Is this a configuration error on my part? Is it possible to have case
sensitive binds and if so what do I have to change?

You could define your own attribute type and declare another matching rule for it (caseExactMatch, for example). And use this attribute instead of "uid".

Or consider that "BCYMET@CBNCO.COM" is the same "bcymet@cbnco.com", just louder.

--

Erwann.