ignore case during ACL compares

Patrick Radtke phr2101 at columbia.edu
Wed Sep 14 12:58:34 EDT 2005


We're running OpenLDAP 2.3.
All our authentication data comes from LDAP.

We've run into a problem with the group acls.

some of our groups contain a mix of upper and lowercase characters.

Our problem is that when creating an ACL, the name is converted to  
lowercase when Cyrus stores it.
But then during a match in mymemberof() of auth_pts.c the store name  
no longer matches the real group name because of the case change

e.g. #group is WWW, but cyrus stores it as www
c setacl ldap group:WWW lrswipcda
c OK Completed
C getacl ldap
* ACL  group:www lrswipcda

To fix this there are several places where a change can be made.

1. in auth_pts.c  use strcasecmp instead of strcmp

2. modify the ldap/pts code to downcase groupnames
3. make ACL store case sensitive (not sure where this change would be  

Option 1 seems like the easiest way to go.
Does anyone have a preference?
Anything I need to do to get a patch accepted into 2.3?
Should the change to strcasecmp be the default behavior (the  
easiest) , a compile option or a config option?



More information about the Cyrus-devel mailing list