[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Checking authzTo case-sensitive

Michael Ströder wrote:

checking a DN sent by proxy authorization control against authzTo seems
to be case-sensitive. Or better said: DNs in the attribute value of
authzTo must be lower-cased to make matching work.

Is that by purpose?

Well, OpenLDAP introduced a specific syntax for authzTo/authzFrom which parses the values and validates/compares them accodring to the contents. The DN portion is usually compared by means of the dnMatch function, which takes care of case as appropriate for each AVA pair.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it