Hi all,
Is there a way to tell glibc to map users to groups they belong to case insensitive way? The issue isn’t simple to describe, here goes an explanation. My accounts come from ldap server, test user is “My.User”. It belongs to two groups:
machine~ # id My.User
uid=502(My.User) gid=200(design) groups=200(design),201(testgroup)
pam_ldap treats usernames case insensitive way, so both users My.User and my.user are equal and os lets them in. But it maps them differently:
machine~ # id my.user
uid=502(My.User) gid=200(design) groups=200(design)
Notice testgroup not being there. So user can log in no matter what lettercase is, but, depending on one, group membership differs. Only the one specified as primary group in user account is always there, for all other ones it depends on what user types as its username. There are many ways it can break stuff, I noticed that when implementing acls based on groups membership.
Question - how to make: 1) user<->group mapping case insensitive in glibc; or 2) nss_ldap use memberOf attribute in user profile instead of member attribute in group profile?
SIde note - sorting thing out at ldap server is out of question. It is beyond my control. And users will always mix letteracase, there is no way around that.