Hi, Thank you very much for your contribution. In my experience LDB searches with DNs are pretty much case-insensitive, only the value of the RDN is checked case sensitive. I would like to investigate a bit further why you see this issue in sssd.
On Wed, Feb 23, 2011 at 05:40:49PM +0300, Sergei V. Kovylov wrote: > Hi all. > I've noticed that sssd has incorrect behavior with different versions of LDAP. > The issue is because of LDB store each entry in case sensitive format, > but there's no difference for LDAP, so if we have in LDB database: > > user's entry: > dn: uid=user,ou=GROUP,dc=domain > ........... > > and user's group entry: > dn: cn=group,OU=GROUP,dc=domain > member: uid=user,OU=GROUP,dc=domain > ..... are these entries coming from the LDB cache of sssd or from your LDAP server. For the cache of sssd I would expect DNs like name=user,cn=users,cn=domain,cn=sysdb and name=group,cn=groups,cn=domain,cn=sysdb > > then user "user" will never be a part of group "group" as entries > "uid=user,ou=GROUP,dc=domain" and "uid=user,OU=GROUP,dc=domain" are > not equal(in LDB logic). > I've noticed this when had migrated from FDS v.1.2.3 to FDS v.1.2.7.5 > as last one converting DN attibutes to lower case, but provide value > of "uniquemember" as is. How was the 'migration' done. Did you export the data on the old server and load them into the new one? Did you remove the sssd cache at some point during the migration? > > You will find a patch to fix this on sssd side in attach. bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel