[Date Prev][Date Next] [Chronological] [Thread] [Top]

Case (in)sensitivity in "by set" ACL?

We have a number of ACLs, in production on OpenLDAP 2.2.26, which are of the form:

  by set="user/eduPersonAffiliation* & [Faculty]" read

where the case of the attribute value in a given entry matches the ACL as shown, and the eduPersonAffiliation attribute is caseIgnoreMatch/caseIgnoreIA5SubstringsMatch.

In testing these ACLs on 2.3.21, I found that the ACLs never match, because the bvals returned from the entry () are returned as downcased, but the comparison apparently is done case sensitively.

I assume this behavior could be correct, although it seems illogical, and has apparently changed. In any case, is this the defined or intended behavior?



Matt Benjamin

The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104


tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309