[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Silly details like CN= v cn=

On Sun, 2008-01-06 at 17:35 -0800, Howard Chu wrote:
> Howard Chu wrote:
> > It's not just perfectly valid, it is exactly correct. RFC4519 defines the
> > attribute name to be 'cn' and we always return the canonical name for a given
> > attribute. As always with Microsoft, AD is a broken abomination.
> > 
> > Of course, the point remains that attribute names are case-insensitive, and
> > any user doing a case-sensitive compare on the attribute names is begging for
> > disappointment.
> I know we've had this conversation before, but I think it bears repeating - 
> you don't always need to be bug-for-bug compatible with Microsoft. 

Perhaps it's my history with this area, or working in for appliance
vendors in the past, but I've never quite had the luxuary of being able
to say 'our users will understand, we are doing it right'.

Of course things will be different, and the network interfaces won't
quite match up, but the lesson the team has had so often is until your
tests prove you are byte-for-byte idential, something will break...

> So weigh that into your bug-for-bug-compatibility considerations - over time, 
> Samba+OpenLDAP will be the #1 directory deployed in Windows environments, just 
> as it already is in Unix/Linux environments. As long as neither one of us 
> badly screws up the code bases it is inevitable. So some places where you bend 
> over backwards to accommodate Microsoft's flagrant disregard of open standards 
> won't be so important down the road, because we are the de jure standard and 
> will be the de facto standard.

In the meantime, I have to hope we can produce something that can get us
into the position.  How do we slip into an IT department that already
has it's scripts, processes and stubbornly, poorly written software,
without breaking the lot?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part