[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: matching leading space in uid lookup



On Mon, May 19, 2003 at 01:53:24PM +0200, Hallvard B Furuseth wrote:

> > Samba is passing on what Windows passes to it, so I'm not sure Samba
> > is broken, it's asking ldap if user " xxx" can authenticate with
> > credentials y and ldap's saying yes user "xxx" can authenticate with
> > credentials y.  I don't see that " xxx" == "xxx"

> Most LDAP matching rules ignore initial and trailing space, and treat
> multiple spaces as a single space.  If Samba is using an attribute with
> caseignoreMatch for values where initial space make a difference, Samba
> is broken.  It should then be using octet strings and OctetStringMatch
> or something like that.

Er, that's not a particularly useful recommendation when the attribute
Samba needs to match on is 'uid', as used by many other schemas,
'posixAccount' among them.  The real question is, why is Windows sending
a username with leading spaces, and why is it desirable for such a
username to NOT match the username in the directory that does not have
leading spaces?  Are there really multiple users in the directory whose
uids differ only in terms of leading whitespace?  Having Samba use its
own non-standard attribs won't help much with the fact that LDAP thinks
there are two unix users with the same name.

-- 
Steve Langasek
postmodern programmer

Attachment: pgppckts3BuR0.pgp
Description: PGP signature