Bug 532811 - should enforce some naming constraints on users and groups
Summary: should enforce some naming constraints on users and groups
Alias: None
Product: freeIPA
Classification: Retired
Component: WebUI
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: future release
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 431020 737997
TreeView+ depends on / blocked
Reported: 2009-11-03 22:14 UTC by Nalin Dahyabhai
Modified: 2015-01-04 23:40 UTC (History)
4 users (show)

Fixed In Version: freeipa-2.1.3-5.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 737997 (view as bug list)
Last Closed: 2012-03-28 09:34:13 UTC

Attachments (Terms of Use)

Description Nalin Dahyabhai 2009-11-03 22:14:23 UTC
While the rfc2307 schema incorporates attributes, for naming users and groups, for which equality matching is done in a case-insensitive matter, client systems usually have the assumption of case-sensitivity built-in.  When a user manages to log in as "Jimbo", but a group references that user as "jimbo", weird things will happen (this includes cache misses, authorization problems, and perhaps some crashes, too).

I'd like for us to add some rules to normalize incoming data so that we can at least shield administrators from unintentionally creating a situation where case-mismatched data is in the directory, because that's much harder to detect and compensate for at the client.

Whether we do this in the administrative UI or at the directory level with a plugin (the latter might become a hurdle for mass-import in migration cases, so I'm not too sure about it) is still up in the air.

Comment 1 Dmitri Pal 2009-11-04 01:03:30 UTC
I think it should be a plugin into DS that will (if configured) hook into user and group modify and add operations and automatically turn names to lower case.

Comment 2 Rob Crittenden 2009-11-18 22:09:25 UTC
Names are currently normalized in the user and group plugins such that user and and group names are lower-case.

A DS plugin is possible just considerably more work.

Comment 4 Martin Kosek 2011-09-12 12:06:18 UTC
Upstream ticket:

Note You need to log in before you can comment on or make changes to this bug.