[Freeipa-devel] [PATCH] 0022 Use ipauniqueid for the RDN of sudo commands (rebased)
Petr Viktorin
pviktori at redhat.com
Wed Mar 28 16:30:50 UTC 2012
Earlier, someone (I think Alexander?) mentioned off-list that since the
sudocmd attribute is case-sensitive, it should be compared as
case-sensitive when used in the DN, so this is a directory server bug.
I found now that ipalib.dn.AVA.__eq__'s docstring says:
The value comparison is also case insensitive because the all [sic]
attribute types used in a DN are derived from the 'name'
atribute type (OID 2.5.4.41) whose EQUALITY MATCH RULE is
caseIgnoreMatch.
We do case-insensitive compares on DNs, and there's no easy way to
change this (the DN code knows nothing about a particular schema,
including case-sensitivity of its attributes).
So however DS is supposed to work (I don't have a manual handy), we're
pretty much committed to case-insensitive attributes in DNs.
--
Petr³
More information about the Freeipa-devel
mailing list