[Fedora-directory-users] Re: Case Sensitive Lookup and Searching (Mike C)

Howard Chu hyc at symas.com
Tue Jul 8 17:06:05 UTC 2008

> Date: Tue, 8 Jul 2008 10:16:09 +1200
> From: "Mike C"<smith.not.western at gmail.com>

> I agree, my schema (and data) are terrible. It's an artifact from
> openldap not being as conforming as fds.

Ahem. OpenLDAP conforms perfectly to the LDAPv3 spec here. The behavior you're 
seeing with FDS is due to the fact that the FDS code base doesn't have full 
LDAPv3 schema support. Rich's reference to ces and cis is an artifact of the 
way the old UMich LDAPv2 code kludged schemas, and his mention of "case 
sensitive syntax" is archaic. In X.500 and LDAPv3, string syntaxes have no 
case sensitivity property at all; case sensitivity is determined solely by the 
matching rules in the schema definition of the attribute using the syntax. The 
only difference between IA5String and DirectoryString syntax is the range of 
legal characters that may be contained in the string (DirectoryString 
accomodates the entire Unicode set in UTF8 encoding, IA5String only allows 7 
bit ASCII).

> My main concern is that sanitizing my repository would require
> changing usernames for a hundred odd external users, something I wish
> to avoid. But given how memberUid's case sensitivity is nullified when
> part of a dn, migration it is.

In a true LDAP/X.500 server, DN evaluation obeys all of the schema rules of 
the individual attributes in each RDN composing the DN. E.g. in OpenLDAP, 
memberUid is case-sensitive whether it's being used in a RDN or anywhere else.

    -- Howard Chu
    CTO, Symas Corp.           http://www.symas.com
    Director, Highland Sun     http://highlandsun.com/hyc/
    Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the Fedora-directory-users mailing list