[389-users] Case sensitivity and FC9 389 DS packages.

Chris St. Pierre stpierre at NebrWesleyan.edu
Tue May 12 02:09:09 UTC 2009 

On Mon, 11 May 2009, James Chavez wrote:

> Now If the uid is listed as Joe_Montana..and I login as Joe_Montana then the
> entry is recognized correctly by the sudo functions.
> If I login as joe_montana the sudo functions fail.
> Is there a way to force 389 to be case insensitive so that username or UIDs
> are recognized regardless of case?

In the sudoers schema file
(/etc/dirsrv/slapd-<instance>/schema/60sudo.ldif), you'll note that
the sudoUser attribute has:

EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch

So do the sudoHost, sudoCommand, etc., attributes.  If you want
case-insensitive matching, you should change that to:

EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch

And then restart the DS.

> Secondly it seems the Fedora 9 newkey updates repo is broken. I upgraded all
> of our installations to the newest packages 2 to 3 weeks ago and i am
> wondering if these are still the latest packages.
>
> fedora-ds-dsgw-1.1.1-1.fc9.i386
> fedora-ds-console-1.2.0-1.fc9.noarch
> fedora-ds-base-1.2.0-4.fc9.i386
> fedora-ds-1.1.3-1.fc9.noarch
> fedora-ds-admin-1.1.7-3.fc9.i386
> fedora-ds-admin-console-1.1.3-1.fc9.noarch

Yes, those are the latest packages.  Note that the fedora-ds-base
package -- which has the important stuff -- and the fedora-ds-console
package -- which has the shiny GUI stuff -- are both at 1.2.0, the
latest version.  FDS -- err, 389DS -- doesn't rev all of the package
versions to track the release version, so the fedora-ds package is
still at 1.1.3 while its requirements are at various other versions.

Some nuts and bolts: fedora-ds is itself just a "meta-package" that
contains nothing; it just requires other packages.  So the fedora-ds
package version really only needs to incremented if the requirements
change.  Since they didn't, it's easier for the dev team to leave what
they can alone and only release new versions of packages that actually
have some changed code.

Make sense?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

More information about the Fedora-directory-users mailing list