[Date Prev][Date Next]
Re: matching leading space in uid lookup
Duncan Brannen writes:
> Samba is passing on what Windows passes to it, so I'm not sure Samba
> is broken, it's asking ldap if user " xxx" can authenticate with
> credentials y and ldap's saying yes user "xxx" can authenticate with
> credentials y. I don't see that " xxx" == "xxx"
Most LDAP matching rules ignore initial and trailing space, and treat
multiple spaces as a single space. If Samba is using an attribute with
caseignoreMatch for values where initial space make a difference, Samba
is broken. It should then be using octet strings and OctetStringMatch
or something like that.
> uid equality is a caseignoreMatch which is space insensitive, I guess
> that includes leading spaces? Is this then, correct ldap behavior for
> this case?
LDAP is behaving correctly.
> Is there a way to change this without necessarily changing the core schema?
> To 'fix' samba, you'd have to fail logins for any username starting
> with a space.
Or change Samba to use its own attributes, with type Octet String.