On Thu, Sep 26, 2013 at 11:02 AM, Brant Knudson <b...@acm.org> wrote:

>
> On Thu, Sep 26, 2013 at 4:44 AM, Ralf Haferkamp <rha...@suse.de> wrote:
>
>>
>> As Dolph already suggested we should not allow usernames that just differ
>> in capitalization ("JDoe" vs. "jdoe") to co-exist. (Which could be an
>> argument for handling users case-insensitive in general)
>>
>
> This enforcement should be handled by the LDAP server if the organization
> thinks it's important to have users with names unique without respect for
> capitalization. LDAP servers can also enforce normal security enhancers
> like password strength, expiration, and locking out users after invalid
> logins that the SQL backend doesn't support.
>
> My recommendation is that Keystone should get away from dealing with
> creating/updating users to avoid reinventing the wheel (and making a wheel
> that's missing bells and whistles). If comparing user names is a problem,
> let's limit it to our custom SQL backend and not let it spread to other
> more featureful backends.
>

++; this confusion specifically stems from keystone's implementation
against SQL, where keystone manages users directly.


>
>
> - Brant
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 

-Dolph
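
The thread above discusses refusing user names that differ only in capitalization ("JDoe" vs. "jdoe") in the SQL backend. As an added illustration, not code from the thread or from Keystone, the sketch below enforces that rule with a database unique constraint on a folded copy of the name, so concurrent creates cannot both pass an application-level check. The table layout and the function names (`canonical_name`, `open_store`, `create_user`, `find_user`) are hypothetical.

```python
import sqlite3
import unicodedata


def canonical_name(name: str) -> str:
    """Fold a user name to the form used only for comparison and uniqueness."""
    # NFKC makes compatibility forms compare equal; casefold() is the
    # Unicode-aware lowercase (e.g. it maps the German sharp s to "ss").
    folded = unicodedata.normalize("NFKC", name).casefold()
    return unicodedata.normalize("NFKC", folded)


def open_store() -> sqlite3.Connection:
    """Create an in-memory user table (hypothetical schema, not Keystone's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user ("
        " id INTEGER PRIMARY KEY,"
        " name TEXT NOT NULL,"             # as entered, kept for display
        " name_key TEXT NOT NULL UNIQUE"   # folded form, enforced by the DB
        ")"
    )
    return conn


def create_user(conn: sqlite3.Connection, name: str) -> bool:
    """Insert a user; return False if a case-variant of the name exists."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO user (name, name_key) VALUES (?, ?)",
                (name, canonical_name(name)),
            )
    except sqlite3.IntegrityError:
        return False
    return True


def find_user(conn: sqlite3.Connection, name: str):
    """Look a user up case-insensitively; return the stored spelling or None."""
    row = conn.execute(
        "SELECT name FROM user WHERE name_key = ?", (canonical_name(name),)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    store = open_store()
    # Constructed sample names, the first two taken from the thread's example.
    for candidate in ("JDoe", "jdoe", "Straße", "STRASSE"):
        print(candidate, "created" if create_user(store, candidate) else "rejected")
```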