When adding roles, privileges, or permissions, the names are always normalized to lowercase. This is not actually a problem if done consistently. However, the built-in entries for ACI have names that contain mixed case (e.g. Security Architect, DNS Servers). Users could be confused because they cannot create entries with capitalization.
One option is to preserve the capitalization. The other option is to normalize the names of the built-in entries.
Is it really causing a problem and confusion? Can we just doc what is case sensitive and explain that the rest is not?
As Rob requested, I did some experiments. If the normalizer is removed from the permission name, the case is preserved. Adding a duplicate permission with a different case will not work because the underlying attribute cn is case-insensitive.
The aci attribute seems to be able to handle mixed case well. It preserves the case in the permission name and DN. Adding a duplicate aci with a different case in the permission name or DN will be rejected. If the permission DN in the aci has a different case than the actual permission entry, it still works.
So based on this limited testing the normalizer can be removed without causing problems.
attachment freeipa-rcrit-870-case.patch
master: 5ddc027
ipa-2-1: 970480c
Metadata Update from @edewata: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)