pam_ldap username case sensitivity on OpenSuSE 11.2

It seems pam_ldap in 11.2 is not case insensitive anymore when it comes to
checking usernames with uid from ldap.
It is working fine on 11.1 though (both systems with latest updates up to now)
(I didn’t try 11.3 yet)

On our ldap server (which is out of my control), the usernames are not unified,
some are all in lowercase and some are capitalized, but on our Linux servers we
have all usernames in lowercase.

Since our upgrade to 11.2, the users that their uid on ldap server
does not match exactly to the username on Linux servers can not login anymore.

Is there any option to change this behavior and force pam_ldap to be
case-insensitive or convert uid/usernames to lowercase?
or all of a sudden pam_ldap decided to become case sensitive!?

Thanks for any help

I found the reason for the problem.

In one of the last changes to pam_ldap.c (in suse 11.2)
there is a part that after successful authentication against ldap,
it gets the username from ldap and continues in using it for the rest of
the process.

in pam_ldap-set_pam_user.dif :

— pam_ldap-180.orig/pam_ldap.c
+++ pam_ldap-180/pam_ldap.c
@@ -2682,7 +2682,13 @@ nxt:
return PAM_BUF_ERR;

  • session->info->username = strdup (user);
  • rc = _get_string_value (session->ld, msg, session->conf->userattr,
  •                &session->info->username);
  • if (rc != PAM_SUCCESS)
  • {
  •  session->info->username = strdup (user);
  • }
  • if (session->info->username == NULL)
    ldap_msgfree (res);

I don’t know the reason for it, but to me it seems to be a bug!

The ldap is not case-sensitive, so the username (uid) on ldap
might not exactly match the username on Linux!

Does anybody know the reason for this change to pam_ldap.c?