1

I have a FreeIPA server in which some users' names (first and last) has accented characters (such as ī, ā, ū, ...).

Is it possible to configure LDAP to search for these characters with regular characters (i, a, u, ...)?

I have googled for this but I haven't found a solution yet.

Note: In ldap files I found "libcollation-plugin" which I'm looking into right now.

Muhmmad Aziz
  • 271
  • 2
  • 12

1 Answers1

1

Short answer: With standard IPA tools? No. With your own searches using an LDAP client? Yes.

Long answer: an LDAP search can specify collation order OID for a matching rule for a specific attribute. In 389-ds there are language tags that can be used as shortcuts, so one can ask for searches of French names in 'sn' as 'sn:fr=Jerome' and it should be able to find an entry with 'sn=Jerome' or 'sn=Jeromé'.

Existing IPA framework does not allow to inject a collation order OIDs into its search filters, so you cannot take those into account.

See more about internationalized LDAP support in 389-ds here:https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/Searching_an_Internationalized_Directory

abbra
  • 1,085
  • 5
  • 8
  • I managed to search for accented characters with ldapsearch by adding a matching rule to the search filter, but I'm still attempting to get it to work in FreeIPA user interface – Muhmmad Aziz Mar 10 '18 at 09:43
  • 1
    As I said, it is not possible right now. You may want to open a ticket for FreeIPA but there is a need to change quite a lot of code to get it properly supporting i18n searches. – abbra Mar 11 '18 at 05:32