RSS feed

Re: Problem with case filtering in nss-pam-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Problem with case filtering in nss-pam-ldapd

On Mar 13, 2012, at 2:58 PM, Arthur de Jong wrote:

> What would be nicest would be to implement it in the configuration file
> with some kind of mapping statement. Something like:
>  map passwd uid lower(sAMAccountName)
>  map passwd homeDirectory "/home/$(lower(sAMAccountName))"
> I don't know if I like the expression mapping syntax much but since the
> ${..} syntax is based on POSIX this comes closest I think. Better
> suggestions are welcome.

I agree that this is probably the best way to do this, but the implementation 
is a bit more than I can take on at the moment. This could get complicated 
fast, especially if this new "lower" map function can take arbitrary bits of 
map text and multiple attributes.

For our purposes, it just seemed easier to have a list of attributes that get 
lower-cased before being returned from the ldap functions, e.g. lowercase_attrs 
sAMAccountName. So, I put this together in the attached patch against svn 
v.1635. I think I'm catching anywhere values are returned from myldap.c, but 
please let me know if I missed anything. I specifically didn't put this into 
myldap_get_values_len(), since this should only be used for non-ASCII values.

Let me know your thoughts on this. Thanks!

-Matt Dailey

Attachment: lowercase_attrs.diff.gz
Description: GNU Zip compressed data

To unsubscribe send an email to or see