LDAP/AD Account Issue


danielch
28th July 2010, 01:27 AM
After I upgraded from fc13 to fc14, the lower case ldap/ad account doesn't work. Are there any parameters that we can change to allow lower case accounts?


# uname -r
2.6.35-0.49.rc5.git2.fc14.i686.PAE

# id danielc ---- it works on fc13
id: danielc: No such user
# id DanielC
uid=1079(DanielC) gid=2008(Users) groups=2008(Users)

jpollard
28th July 2010, 02:39 AM
I'm willing to bet this is an older, pre-existing account. All references I can find
to the problem indicate that LDAP (the new one) is doing what it should, but
it used to return matches without regard to case... Most of the reports just have
the entry deleted, and re-created as an all lower case entry.

You can google for ldap+mixed case and get a nice list of complaints about the
issue. You can also read (not much info there though):

https://issues.alfresco.com/jira/browse/ETHREEOH-2023

danielch
28th July 2010, 07:58 PM

My account is on the Windows AD and it's "DanielC". Windows doesn't distinguish between upper/lower case; however, Fedora 14 does. I think something has been changed since f14, though it works on f13.

What's the change?

jpollard
29th July 2010, 03:12 AM
Following the standard specification perhaps?

smr54
29th July 2010, 05:34 AM
I know that LDAP has usually ignored case--I work with it on CentOS, and searching for an entry, for example, is case-insensitive. Whether newer versions of LDAP (CentOS probably has an older version) no longer do this or not, I don't know. IIRC, whether or not case was honored is in one of the schema, but I have no idea where.

Edit: I should add that changing schema can lead to breakage.

jpollard
29th July 2010, 12:42 PM
I believe that what the standard says is that case is sensitive.

If applications want to eliminate case then it would be up to the application. UNIX
has always been case sensitive, and that causes major problems when the case
must be respected by the supporting infrastructure. Normally (not always) unix
logins have been lower case simply because it makes typing easier.

I have seen mixed case used for alternate logins - the lower case one was the
"normal" user login, the mixed case was a test login.

danielch
29th July 2010, 07:12 PM
I went through those changelogs and didn't find anything related. Any suggestions?

F13: -- case insensitive
openldap-2.4.21-9.fc13.i686
openldap-clients-2.4.21-9.fc13.i686
nss_ldap-264-9.fc13.i686

F14: -- case sensitive
openldap-2.4.22-7.fc14.i686
openldap-clients-2.4.22-7.fc14.i686
nss_ldap-265-4.fc14.i686
pam_ldap-185-5.fc14.i686

smr54
29th July 2010, 10:27 PM
Again, you could look through the schema of the two versions and see if the caseIgnoreMatch has changed in the various schemas, but aside from that, I really don't know.
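
One way to carry out the schema comparison suggested above, as an added example that is not part of the original thread: it reads two OpenLDAP `.schema` texts and reports every attribute whose EQUALITY matching rule differs. The sample schema text is constructed (the "new" copy is hypothetical, not taken from any Fedora package), and the function names are this example's own.

```python
import re

# Constructed sample input in OpenLDAP .schema syntax (not from any real package).
OLD_SCHEMA = """
attributetype ( 0.9.2342.19200300.100.1.1
    NAME ( 'uid' 'userid' )
    DESC 'RFC1274: user identifier'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( 1.3.6.1.1.1.1.3
    NAME 'homeDirectory'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
"""
# Hypothetical "after" copy in which the equality rule of uid was changed.
NEW_SCHEMA = OLD_SCHEMA.replace("EQUALITY caseIgnoreMatch", "EQUALITY caseExactMatch")

def equality_rules(schema_text):
    """Map each lower-cased attribute name to its EQUALITY rule (None if absent)."""
    text = re.sub(r"(?m)^#.*$", "", schema_text)       # drop comment lines
    rules = {}
    for chunk in re.split(r"(?mi)^attributetype\s*", text)[1:]:
        chunk = re.sub(r"DESC\s+'[^']*'", "", chunk)   # DESC text may contain keywords
        names = re.search(r"\bNAME\s+(\(\s*[^)]*\)|'[^']+')", chunk)
        if not names:
            continue
        eq = re.search(r"\bEQUALITY\s+([\w.-]+)", chunk)
        # An attribute can carry several names (aliases); record the rule for each.
        for name in re.findall(r"'([^']+)'", names.group(1)):
            rules[name.lower()] = eq.group(1) if eq else None
    return rules

def changed_rules(old_text, new_text):
    """Return {attribute: (old_rule, new_rule)} for every rule that differs."""
    old, new = equality_rules(old_text), equality_rules(new_text)
    return {n: (old.get(n), new.get(n))
            for n in sorted(set(old) | set(new)) if old.get(n) != new.get(n)}

if __name__ == "__main__":
    for name, (before, after) in changed_rules(OLD_SCHEMA, NEW_SCHEMA).items():
        print(f"{name}: {before} -> {after}")
```

To compare real files, pass the contents of the same schema file from each release to `changed_rules`; an empty result means no EQUALITY rule differs between the two copies.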

danielch
30th July 2010, 07:49 PM
I searched "caseIgnoreMatch" and found some files. However, it seems that they are not relevant.

/etc/openldap/schema/samba.schema
/usr/share/GConf/schema/evoldap.schema
/usr/share/doc/samba-3.5.0/LDAP/samba-schema-netscapeds5.x
/usr/share/doc/samba-3.5.0/LDAP/samba-nds.schema
/usr/share/doc/samba-3.5.0/LDAP/samba-schema-FDS.ldif
/usr/share/doc/samba-3.5.0/LDAP/samba.schema
/usr/share/doc/samba-3.5.0/LDAP/samba.schema.at.IBM-DS
/usr/share/doc/pam_ldap-185/ns-pwd-policy.schema
/usr/share/doc/pam_ldap-185/ldapns.schema
/usr/share/doc/openldap-devel-2.4.22/drafts/draft-joslin-config-schema-xx.txt
/usr/share/doc/openldap-devel-2.4.22/drafts/draft-howard-rfc2307bis-xx.txt
/usr/share/doc/openldap-devel-2.4.22/drafts/draft-ietf-ldapext-acl-model-xx.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc2713.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4517.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4524.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4519.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc3698.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4511.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc2926.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc2714.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4518.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc3703.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc3712.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc4403.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc2798.txt
/usr/share/doc/openldap-devel-2.4.22/rfc/rfc3687.txt

smr54
30th July 2010, 10:53 PM
No, probably not. I really don't know what changed where, I'm afraid.