We're using Open LDAP for our directory. Apparently it allows case-insensitive bind auth, and this is causing some issues on our systems. I would like for authentication to fail for logins that are not the correct case. Is there a configuration option for this?
Asked
Active
Viewed 191 times
0
-
Are you using an `rdn` that is case sensitive? The usual ones (i.e. uid and cn) use `EQUALITY caseIgnoreMatch`. – 84104 Feb 02 '20 at 08:41
-
Yes, I'm using `cn=`. Is this more a question if how the bind query is built on the client, and not server config? – Ben Davis Feb 02 '20 at 14:49
-
A bind against a case-insensitive rdn likewise being case-insensitive is unsurprising. cn is usually case-insensitive. This is defined within the server schema. – 84104 Feb 04 '20 at 06:33