Bug 532811

Summary: should enforce some naming constraints on users and groups
Product: [Retired] freeIPA Reporter: Nalin Dahyabhai <nalin>
Component: WebUIAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: benl, dpal, jgalipea, mkosek
Target Milestone: future release   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.1.3-5.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 737997 (view as bug list) Environment:
Last Closed: 2012-03-28 09:34:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 431020, 737997    

Description Nalin Dahyabhai 2009-11-03 22:14:23 UTC 
While the rfc2307 schema incorporates attributes, for naming users and groups, for which equality matching is done in a case-insensitive matter, client systems usually have the assumption of case-sensitivity built-in.  When a user manages to log in as "Jimbo", but a group references that user as "jimbo", weird things will happen (this includes cache misses, authorization problems, and perhaps some crashes, too).

I'd like for us to add some rules to normalize incoming data so that we can at least shield administrators from unintentionally creating a situation where case-mismatched data is in the directory, because that's much harder to detect and compensate for at the client.

Whether we do this in the administrative UI or at the directory level with a plugin (the latter might become a hurdle for mass-import in migration cases, so I'm not too sure about it) is still up in the air.
Comment 1 Dmitri Pal 2009-11-04 01:03:30 UTC 
I think it should be a plugin into DS that will (if configured) hook into user and group modify and add operations and automatically turn names to lower case.
Comment 2 Rob Crittenden 2009-11-18 22:09:25 UTC 
Names are currently normalized in the user and group plugins such that user and and group names are lower-case.

A DS plugin is possible just considerably more work.
Comment 4 Martin Kosek 2011-09-12 12:06:18 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1778
Comment 5 Martin Kosek 2011-09-22 13:44:28 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/a1430dcb2c8e63e3077d00878431c0698944a07d
ipa-2-1: https://fedorahosted.org/freeipa/changeset/fb6abb2acc190d1c397f9e4e170c03bfcd39048d