request case insensitive matching of SSO_FNAL_GROUPS items with LDAP->DocDB group mapping

Question

request case insensitive matching of SSO_FNAL_GROUPS items with LDAP->DocDB group mapping

lauramengel opened this issue 6 years ago · 3 comments

We request group names in SSO_FNAL_GROUPS and group names
in the SSO groupmap files that have our LDAP->DocDB group mapping
be compared case insensitively.

The authentication group recently told me:
"According to the LDAP protocol request for comments (RFCs),
distinguished names should be compared case-insensitively."

Answer 1 · 2018-06-12T21:31:26.000Z

What if we said that the dictionary $SsoGroupMap defined in ProjectGlobals HAD to have the various keys defined as lower case? There's not really a place where I can change both sides of the comparison to lower case, so I would have to re-write a 2nd dictionary (temporary) with lower case keys.

Answer 2 · 2018-06-13T14:09:55.000Z

Latest FNAL_SSO has this, including removing spaces around = sign as we discussed. You will have to change your SsoGroupMap to restore the right functionality

Answer 3 · 2018-06-13T16:33:01.000Z

This is working with our group map with all lower case in the DN an no spaces around the equals.
Also works fine if there are spaces in the CN or OU and if DocDB groups specified included
mixed case, slash, space, or underscore.

Closing request.