Re: Umlauts support
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Umlauts support
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Darius Spitznagel <d.spitznagel [at] goodbytez.de>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Umlauts support
- Date: Sun, 09 Aug 2020 22:03:49 +0200
On Sun, 2020-08-09 at 21:41 +0200, Darius Spitznagel wrote:
> nslcd is really usefull and easy to setup, thank you.
Thanks.
> BUT nslcd does not like umlauts:(
>
> snippet from syslog...
> ...
> Aug 9 21:34:48 rkt22 nslcd[28681]: [90700b] <group(all)>
> CN=Domänen-Admins,CN=Users,DC=rkt-zentral,DC=local: sAMAccountName: denied by
> validnames option
> Aug 9 21:34:48 rkt22 nslcd[28681]: [90700b] <group(all)>
> CN=Domänen-Benutzer,CN=Users,DC=rkt-zentral,DC=local: sAMAccountName: denied
> by validnames option
> Aug 9 21:34:48 rkt22 nslcd[28681]: [90700b] <group(all)>
> CN=Domänen-Gäste,CN=Users,DC=rkt-zentral,DC=local: sAMAccountName: denied by
> validnames option
By default nslcd tries to filter user and group names with a regular
expression to avoid loading the system with users and groups that could
cause issues for certain applications.
Since the NSS interface (which exposes /etc/passwd and /etc/group) do
not define an encoding and encoding for LDAP entries is also not very
well defined by default only a narrow subset of ASCII and a little
broader definition than what is supported in POSIX is exposed.
You can configure this filtering with the validnames option in
nslcd.conf:
https://arthurdejong.org/nss-pam-ldapd/nslcd.conf.5#validnames
You could use something like:
validnames /^[a-z0-9._@$()]([a-zä0-9._@$() \\~-]*[a-zä0-9._@$()~-])?$/i
(add other allowed accented characters as needed)
Hope this helps,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
