RSS feed

Re: Problem with case filtering in nss-pam-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Problem with case filtering in nss-pam-ldapd

On Tue, 2012-03-13 at 12:22 -0400, Matthew L. Dailey wrote:
> This was a problem for us as well, so I took your advice and created a
> patch against 0.8.6 implementing a new "ignorecase" config option that
> switches between doing strcmp and strcasecmp in group, netgroup,
> passwd, protocols, rpc, services and shadow maps. It seemed clearest
> to implement this as a macro, but maybe there's a better way. :-)

I like the patch so I've comitted it with only a few small modifications
to the manual page. Thanks.

> We also would like the ability for certain values (uid, gid and
> homeDirectory) to always be returned as lower-case. For example, we
> use sAMAccountName as uid, which in some cases is something like
> John_A_Smith. We then construct homeDirectory with
> "/remote/home/${sAMAccountName}", but the actual remote nfs
> directories are lower-case so things don't work quite right. I've
> hacked our current nslcd to lower-case any returns of the
> sAMAccountName attribute in myldap.c, which works, but isn't very
> elegant.
> I'm thinking that this could be implemented as yet another config file
> option (a "set" like ignoreusers) to list which fields should be
> lower-cased. Actually implementing this, however, is probably
> non-trivial. If you have any suggestions to make this easier, let me
> know.

What would be nicest would be to implement it in the configuration file
with some kind of mapping statement. Something like:

  map passwd uid lower(sAMAccountName)
  map passwd homeDirectory "/home/$(lower(sAMAccountName))"

I don't know if I like the expression mapping syntax much but since the
${..} syntax is based on POSIX this comes closest I think. Better
suggestions are welcome.

As for the implementation, if someone is willing to do some work on this
I can also have a look.


-- arthur - - --
To unsubscribe send an email to or see