lists.arthurdejong.org

Re: Problem with case filtering in nss-pam-ldapd



Hi Arthur,

This was a problem for us as well, so I took your advice and created a patch 
against 0.8.6 implementing a new "ignorecase" config option that switches 
between doing strcmp and strcasecmp in group, netgroup, passwd, protocols, rpc, 
services and shadow maps. It seemed clearest to implement this as a macro, but 
maybe there's a better way. :-)

Have a look and let me know if you have questions, suggestions for 
changes/improvement, etc.

We also would like the ability for certain values (uid, gid and homeDirectory) 
to always be returned as lower-case. For example, we use sAMAccountName as uid, 
which in some cases is something like John_A_Smith. We then construct 
homeDirectory with "/remote/home/${sAMAccountName}", but the actual remote nfs 
directories are lower-case so things don't work quite right. I've hacked our 
current nslcd to lower-case any returns of the sAMAccountName attribute in 
myldap.c, which works, but isn't very elegant.

I'm thinking that this could be implemented as yet another config file option 
(a "set" like ignoreusers) to list which fields should be lower-cased. Actually 
implementing this, however, is probably non-trivial. If you have any 
suggestions to make this easier, let me know.

Thanks for all your work on this project!

-Matt Dailey

Attachment: ignorecase.diff.gz
Description: GNU Zip compressed data


On Feb 29, 2012, at 5:02 PM, Arthur de Jong wrote:

> On Tue, 2012-02-28 at 16:46 +0100, Klaus Steinberger wrote:
>> So what I like to have is to have this filtering configurable in
>> nslcd.conf, so we can switch it off. I think this should be easy to
>> implement. What do you think?
> 
> It shouldn't be too hard. The change that originally implemented the
> case-sensitive filtering should provide some pointers on what to modify:
>  http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=934&view=revision
> 
> Note however that disabling this filter is a security risk as described
> here:
>  http://arthurdejong.org/nss-pam-ldapd/news2009#20091122
> 
> I would welcome a patch that implements a configuration option for this
> though.
> 
> Kind regards,
> 
> -- 
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
> -- 
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
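
The comparison switch and the lower-casing discussed in this thread, sketched as an added example; it is not the attached patch and not nss-pam-ldapd's own code. `cfg_ignorecase`, `STR_CMP`, `entry_matches_request`, `lowercase_copy` and `build_home` are hypothetical names, and the account names in `main` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for the parsed "ignorecase" option (0 = off). */
static int cfg_ignorecase = 0;

/* Comparison chosen by the option, in the macro style the mail describes. */
#define STR_CMP(a, b) (cfg_ignorecase ? strcasecmp((a), (b)) : strcmp((a), (b)))

/* Post-filter: the directory may match names case-insensitively and return an
   entry whose name differs in case from the one requested. Returns 1 if the
   entry may be handed to the caller, 0 if it must be dropped. */
static int entry_matches_request(const char *requested, const char *returned)
{
  if (requested == NULL || returned == NULL)
    return 0;
  return STR_CMP(requested, returned) == 0;
}

/* Lower-case src into dst. Returns -1 instead of truncating, so a shortened
   name can never be mistaken for a different account. */
static int lowercase_copy(char *dst, size_t dstlen, const char *src)
{
  size_t i, len = strlen(src);
  if (len >= dstlen)
    return -1;
  for (i = 0; i < len; i++)
    dst[i] = (char)tolower((unsigned char)src[i]);
  dst[len] = '\0';
  return 0;
}

/* Expand "/remote/home/${sAMAccountName}" with the lower-cased name. */
static int build_home(char *dst, size_t dstlen, const char *account)
{
  static const char prefix[] = "/remote/home/";
  size_t plen = sizeof(prefix) - 1;
  if (dstlen <= plen)
    return -1;
  memcpy(dst, prefix, plen);
  return lowercase_copy(dst + plen, dstlen - plen, account);
}

int main(void)
{
  char home[64];
  printf("strict: %d\n", entry_matches_request("john_a_smith", "John_A_Smith"));
  cfg_ignorecase = 1;
  printf("ignorecase: %d\n", entry_matches_request("john_a_smith", "John_A_Smith"));
  if (build_home(home, sizeof(home), "John_A_Smith") == 0)
    printf("%s\n", home);
  return 0;
}
```

With the option on, every case variant of a name resolves to the same entry, so any other control that compares user names exactly should be fed the name as stored in the directory, not the name as typed.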
