On Thu, Sep 26, 2013 at 11:02 AM, Brant Knudson <b...@acm.org> wrote:
>
> On Thu, Sep 26, 2013 at 4:44 AM, Ralf Haferkamp <rha...@suse.de> wrote:
>
>> As Dolph already suggested we should not allow usernames that just differ in
>> capitalization ("JDoe" vs. "jdoe") to co-exist. (Which could be an argument
>> for handling users case-insensitive in general)
>
> This enforcement should be handled by the LDAP server if the organization
> thinks it's important to have users with names unique without respect for
> capitalization. LDAP servers can also enforce normal security enhancers
> like password strength, expiration, and locking out users after invalid
> logins that the SQL backend doesn't support.
>
> My recommendation is that Keystone should get away from dealing with
> creating/updating users to avoid reinventing the wheel (and making a wheel
> that's missing bells and whistles). If comparing user names is a problem,
> let's limit it to our custom SQL backend and not let it spread to other
> more featureful backends.

++; this confusion specifically stems from keystone's implementation against SQL, where keystone manages users directly

> - Brant
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
-Dolph