
Re: uid case sensitivity



On Wed, 9 Jun 1999, Jeff Clowser wrote:

> I think there's a step missing here.  Basically, you "log in" to an ldap server
> by binding as a dn and a password, not a uid and password.  To use a uid, you
> first need to bind anonymously, search for the uid in the server, then bind as
> the dn that is returned using the password supplied, as far as I know (don't
> think there is a way to bind using uid/pass).

Yeah.  Our dn's look like "dn: uid=jaymc,o=GC,c=US" then later we
have a uid: jaymc attribute entry.
 
> I wouldn't think changing the uid from cis to ces would affect this, though I'm
> not sure making the uid ces is necessarily a good thing.  Why do you need to
> make uid's case sensitive (I can think of a few reasons, but just wondering)?

Well apparently changing it from cis to ces does affect it because you
can't bind to it with uid set to ces.  The reasoning behind it is that
we're using LDAP for authentication for all the services for an ISP.  The
RADIUS server logs whatever username comes through as the username.
Logging in as JAYMC, jaymc, Jaymc, means the same thing to LDAP.  However
when our RADIUS accounting scripts go through and look at the logs, they
look like three different users.  I guess one way to bypass it would be to
make the accounting scripts case insensitive, but this kind of got me
thinking, so I was hoping to figure this one out too for future reference.

> Whatever is logging in, though, may be doing something to the uid before
> comparing it (like lowercasing or uppercasing it before the compare).  What is
> trying to log in?  Is this via ldapsearch or a home spun script, or some server
> product that auths against LDAP?
> 
> BTW - on Netscape's DS, userpassword is typed as bin instead of ces.  Wonder
> if there are compatibility issues here if OpenLDAP's userpassword is ces (I play
> with OpenLDAP when I can, but we have Netscape's DS in production, so I'm more
> familiar with its schema...)

We're using OpenLDAP 1.2.2 here running on a RedHat 5.2 Linux box.  We're
using nss_ldap and pam_ldap with it and having great success with it.  Our
RADIUS server is PAM aware so it makes things nice and easy.  Anyway,
thanks.
-jay


> Jay Christner wrote:
> 
> > By default uid's are case insensitive (cis) and userpasswords are case
> > sensitive (ces).  I am trying to figure out how to make it so both uid and
> > userpasswords are case sensitive (ces).  Whenever we try to change the cis
> > to ces in the slapd*at.conf files we aren't able to login at all, changing
> > the uid back to cis works fine though.
> > Is there some other way to do this, or are we just missing something
> > really stupid here?
> > (Note: I am not directly working on this myself, but I can get more
> > information as needed.)
> > Thanks for any help.
> > -jay
> > -----------------------------------------------------------------------------
> 
> --
>  Jeff Clowser
>  mailto:jclowser@aerotek.com       Hanover MD  21076 USA
>  Phone: (410)-579-4328             7312 Parkway Drive
> 
> 
> 

-----------------------------------------------------------------------------
Jay Christner
Information Technology Services
Goshen College
Goshen, IN 46526
-----------------------------------------------------------------------------
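
Added example, not part of the original message or of any script used at the poster's site: one way to make an accounting script case insensitive, as suggested in the reply above, by summing session time per case-folded User-Name while recording each spelling seen. The Livingston-style "detail" record layout, the sample records and the function names are assumptions; the message does not say which RADIUS server or log format is in use.

```python
import re
from collections import defaultdict

# Constructed sample in a Livingston-style "detail" layout (assumed format;
# the message does not name the RADIUS server or its log format).
SAMPLE_DETAIL = '''\
Wed Jun  9 10:12:01 1999
    User-Name = "jaymc"
    Acct-Status-Type = Stop
    Acct-Session-Time = 120

Wed Jun  9 11:40:17 1999
    User-Name = "JAYMC"
    Acct-Status-Type = Stop
    Acct-Session-Time = 300

Wed Jun  9 12:05:44 1999
    User-Name = "Jaymc"
    Acct-Status-Type = Start

Wed Jun  9 13:30:09 1999
    User-Name = "other"
    Acct-Status-Type = Stop
    Acct-Session-Time = 60
'''

# Indented "Name = value" lines; the unindented timestamp header never matches.
ATTR = re.compile(r'^\s+([A-Za-z0-9-]+)\s*=\s*"?([^"\n]*)"?\s*$')

def parse_records(text):
    """Yield one attribute dict per blank-line-separated accounting record."""
    for block in re.split(r'\n\s*\n', text.strip()):
        rec = dict(m.groups() for m in map(ATTR.match, block.splitlines()) if m)
        if rec:
            yield rec

def usage_by_user(text):
    """Sum Stop-record session time per case-folded User-Name, keeping spellings seen."""
    totals = defaultdict(lambda: {"seconds": 0, "spellings": set()})
    for rec in parse_records(text):
        name = rec.get("User-Name")
        if not name:
            continue
        entry = totals[name.casefold()]  # one key per user, as with a cis uid
        entry["spellings"].add(name)
        if rec.get("Acct-Status-Type") == "Stop":
            entry["seconds"] += int(rec.get("Acct-Session-Time", 0))
    return dict(totals)
```

Keeping the set of spellings alongside the total lets the report still show what was actually typed at login while billing a single account.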