I agree, my schema (and data) are terrible. It's an artifact from
openldap not being as conforming as fds.
Ahem. OpenLDAP conforms perfectly to the LDAPv3 spec here. The behavior you're
seeing with FDS is due to the fact that the FDS code base doesn't have full
LDAPv3 schema support. Rich's reference to ces and cis is an artifact of the
way the old UMich LDAPv2 code kludged schemas, and his mention of "case
sensitive syntax" is archaic. In X.500 and LDAPv3, string syntaxes have no
case sensitivity property at all; case sensitivity is determined solely by the
matching rules in the schema definition of the attribute using the syntax. The
only difference between IA5String and DirectoryString syntax is the range of
legal characters that may be contained in the string (DirectoryString
accomodates the entire Unicode set in UTF8 encoding, IA5String only allows 7
My main concern is that sanitizing my repository would require
changing usernames for a hundred odd external users, something I wish
to avoid. But given how memberUid's case sensitivity is nullified when
part of a dn, migration it is.
In a true LDAP/X.500 server, DN evaluation obeys all of the schema rules of
the individual attributes in each RDN composing the DN. E.g. in OpenLDAP,
memberUid is case-sensitive whether it's being used in a RDN or anywhere else.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Fedora-directory-users mailing list