[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: matching leading space in uid lookup



Duncan Brannen writes:

> Samba is passing on what Windows passes to it, so I'm not sure Samba
> is broken, it's asking ldap if user " xxx" can authenticate with
> credentials y and ldap's saying yes user "xxx" can authenticate with
> credentials y.  I don't see that " xxx" == "xxx"

Most LDAP matching rules ignore initial and trailing space, and treat
multiple spaces as a single space.  If Samba is using an attribute with
caseignoreMatch for values where initial space make a difference, Samba
is broken.  It should then be using octet strings and OctetStringMatch
or something like that.

> uid equality is a caseignoreMatch which is space insensitive, I guess
> that includes leading spaces? Is this then, correct ldap behavior for
> this case?

LDAP is behaving correctly.

> Is there a way to change this without necessarily changing the core schema?
> To 'fix' samba, you'd have to fail logins for any username starting
> with a space.

Or change Samba to use its own attributes, with type Octet String.

-- 
Hallvard