Re: Problem with case filtering in nss-pam-ldapd

On Tue, 2012-03-13 at 12:22 -0400, Matthew L. Dailey wrote:
> This was a problem for us as well, so I took your advice and created a
> patch against 0.8.6 implementing a new "ignorecase" config option that
> switches between doing strcmp and strcasecmp in group, netgroup,
> passwd, protocols, rpc, services and shadow maps. It seemed clearest
> to implement this as a macro, but maybe there's a better way. :-)

I like the patch so I've committed it with only a few small modifications
to the manual page. Thanks.

> We also would like the ability for certain values (uid, gid and
> homeDirectory) to always be returned as lower-case. For example, we
> use sAMAccountName as uid, which in some cases is something like
> John_A_Smith. We then construct homeDirectory with
> "/remote/home/${sAMAccountName}", but the actual remote nfs
> directories are lower-case so things don't work quite right. I've
> hacked our current nslcd to lower-case any returns of the
> sAMAccountName attribute in myldap.c, which works, but isn't very
> elegant.
> 
> I'm thinking that this could be implemented as yet another config file
> option (a "set" like ignoreusers) to list which fields should be
> lower-cased. Actually implementing this, however, is probably
> non-trivial. If you have any suggestions to make this easier, let me
> know.

What would be nicest would be to implement it in the configuration file
with some kind of mapping statement. Something like:

  map passwd uid lower(sAMAccountName)
  map passwd homeDirectory "/home/$(lower(sAMAccountName))"

I don't know if I like the expression mapping syntax much but since the
${..} syntax is based on POSIX this comes closest I think. Better
suggestions are welcome.

As for the implementation, if someone is willing to do some work on this
I can also have a look.

Thanks,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
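
The mapping expressions proposed in the message above, as an added C example that is not part of the original message and is not nslcd code: it expands `${attr}` and `$(lower(attr))` against a constructed entry and fails closed instead of truncating a home directory path. The names `expand_map`, `attr_get` and `sample_entry` are hypothetical, and lower-casing is assumed to be plain `tolower()` in the C locale.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample entry; a real daemon would fill this from LDAP. */
struct attr { const char *name, *value; };
static const struct attr sample_entry[] = {{"sAMAccountName", "John_A_Smith"}, {NULL, NULL}};

static const char *attr_get(const struct attr *e, const char *name, size_t n)
{
  for (; e->name != NULL; e++)
    if (strlen(e->name) == n && strncmp(e->name, name, n) == 0)
      return e->value;
  return NULL;
}

/* Hypothetical helper: 0 on success, -1 on bad syntax, unknown attribute or truncation. */
int expand_map(const char *tmpl, const struct attr *e, char *out, size_t outsz)
{
  size_t o = 0;
  if (outsz == 0) return -1;
  while (*tmpl != '\0') {
    const char *name, *end, *val;
    int lower = strncmp(tmpl, "$(lower(", 8) == 0;
    if (!lower && strncmp(tmpl, "${", 2) != 0) {   /* literal character */
      if (o + 1 >= outsz) return -1;
      out[o++] = *tmpl++;
      continue;
    }
    name = tmpl + (lower ? 8 : 2);
    end = lower ? strstr(name, "))") : strchr(name, '}');
    if (end == NULL || (val = attr_get(e, name, (size_t)(end - name))) == NULL)
      return -1;
    for (; *val != '\0'; val++) {
      if (o + 1 >= outsz) return -1;   /* fail closed, never truncate a path */
      out[o++] = lower ? (char)tolower((unsigned char)*val) : *val;
    }
    tmpl = end + (lower ? 2 : 1);
  }
  out[o] = '\0';
  return 0;
}

int main(void)
{
  char buf[64];
  int rc = expand_map("/home/$(lower(sAMAccountName))", sample_entry, buf, sizeof buf);
  return rc != 0 || puts(buf) < 0;
}
```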