ignore case during ACL compares
phr2101 at columbia.edu
Wed Sep 14 12:58:34 EDT 2005
We're running OpenLDAP 2.3.
All our authentication data comes from LDAP.
We've run into a problem with the group acls.
some of our groups contain a mix of upper and lowercase characters.
Our problem is that when creating an ACL, the name is converted to
lowercase when Cyrus stores it.
But then during a match in mymemberof() of auth_pts.c the store name
no longer matches the real group name because of the case change
e.g. #group is WWW, but cyrus stores it as www
c setacl ldap group:WWW lrswipcda
c OK Completed
C getacl ldap
* ACL group:www lrswipcda
To fix this there are several places where a change can be made.
1. in auth_pts.c use strcasecmp instead of strcmp
2. modify the ldap/pts code to downcase groupnames
3. make ACL store case sensitive (not sure where this change would be
Option 1 seems like the easiest way to go.
Does anyone have a preference?
Anything I need to do to get a patch accepted into 2.3?
Should the change to strcasecmp be the default behavior (the
easiest) , a compile option or a config option?
More information about the Cyrus-devel