[CentOS] login case sensitivity

Thu Sep 7 15:11:50 UTC 2017
Stephen John Smoogen <smooge at gmail.com>

On 5 September 2017 at 17:27, FHDATA <fhdata at unm.edu> wrote:
>
>
> hello,
>
> some users' login fails since they type upper
> case for their user ids, etc ...
>
> how can case sensitivity be disabled so they can login
> with mix of upper and lower case?
>
> this is what i tried:
>
> in /etc/sssd/sssd.conf i tested this below
>
> [domain/default]
> case_sensitive = false
>
>
> i stopped sssd, deleted all inside /var/sss/db and
> started sssd but that did not help ....
>

Case sensitivity for user accounts is considered implementation
dependent from the early days of Unix. However, most Unixes from the
late 1970's onward incorporated that user accounts were case sensitive
in login. The later POSIX standards, trying to formalize various
divergences, kept it as being 'site dependent'. This was always
problematic because DNS hostnames and email addresses in the RFC
standards were case insensitive so that you could have accounts like
abc, Abc, and ABC but only one of them would get email. LDAP sort of
cuts a path between POSIX and RFC where, depending on the LDAP server's
configuration, it is either case sensitive or case insensitive. The
client has little control over this because sending something the AD
or LDAP server will not parse will give an error.

The second issue is that login checks against what getent says the
account name is, which is before LDAP gives an answer. Long, long ago,
you could look at using pam_regex to make sure that all accounts were
seen as lower case so that when passed to LDAP they matched. However, I
haven't looked at that in close to 2 decades so I have no idea if it is
still valid.



-- 
Stephen J Smoogen.
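
The abc / Abc / ABC collision mentioned in the reply is worth checking for before logins are made case-insensitive. The following is an added example, not part of the original thread: a Python check over passwd-format text (for instance the output of `getent passwd`) that reports names differing only by case. The sample entries and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format, as `getent passwd` would print it.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
abc:x:1001:1001:Alice B. Clark:/home/abc:/bin/bash
Abc:x:1002:1002:Abel Chen:/home/Abc:/bin/bash
ABC:x:1001:1001:Alice B. Clark (alias):/home/abc:/bin/bash
jdoe:x:1003:1003:J. Doe:/home/jdoe:/bin/bash
# comment line
malformed-line-without-fields
"""

def parse_passwd(text):
    """Yield (name, uid) per entry, skipping blanks, comments and bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def case_collisions(text):
    """Return {folded_name: [(name, uid), ...]} for names differing only by case."""
    groups = defaultdict(list)
    for name, uid in parse_passwd(text):
        groups[name.casefold()].append((name, uid))
    return {k: sorted(v) for k, v in groups.items()
            if len({n for n, _ in v}) > 1}

def ambiguous_names(text):
    """Folded names whose variants carry more than one UID, i.e. distinct
    accounts that would become indistinguishable once case is ignored."""
    return sorted(k for k, v in case_collisions(text).items()
                  if len({u for _, u in v}) > 1)

if __name__ == "__main__":
    import sys
    data = SAMPLE_PASSWD if sys.stdin.isatty() else sys.stdin.read()
    for folded, variants in case_collisions(data).items():
        distinct = len({u for _, u in variants}) > 1
        print(folded, variants, "DISTINCT ACCOUNTS" if distinct else "same uid")
```

Run it as `getent passwd | python3 check_case.py` (the file name is arbitrary); groups flagged as distinct accounts need renaming or merging before case is ignored at login.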