Attributes retrieve are case sensitive #129
Comments
Can you provide a reference for that? |
|
https://tools.ietf.org/html/rfc4511#section-4.5.1.8 https://tools.ietf.org/html/rfc4234#section-2.1 This behavior could be found in other wide used ldap clients like "ldapsearch" from OpenLDAP for example. |
|
The relevant link is https://tools.ietf.org/html/rfc4512#section-2.5 I think. |
|
Actually, none of these links seem conclusive. When using the attribute name we're using an alias for the OID (which doesn't have case), and rfc 4512 doesn't seem to clarify whether matching on the alias should be case sensitive. It's clear that the attribute name (alias) itself is just a utf-8 string. |
|
IMHO it does not make sense not returning attributes based on their sensitiveness. If searches like '(givenname=*)' will work on server, no matter if LDAP definition is 'givenName' or 'givenname', this should work at the same manner for returned attributes. |
|
does that mean the server can return multiple attributes? what should the behavior of |
|
The server will return based on the schema definition, in this case it will return: givenName=foo Since this attribute is multi-valued, getAttribute("givenname") should be an array of all 3 givenName values. |
|
can a schema define multiple attributes that differ only by case? if it is actually impossible to get a response like #129 (comment) from a server, I'm not necessarily opposed to something like #111, but I'm very wary of compressing a value space when it has been unclear to me whether the case insensitivity applies to specific uses of attributes (like DN formation and the search operation) or globally |
|
No, it can't. From LDAP point of view it applies globally. What we should take care is the value of attributes because of matching rules. Some attributes may have matching rules defined to be case sensitive. For example, java.schema from OpenLDAP have the attribute 'javaClassName' which have an equality rule 'caseExactMatch'. This have implications on how clients handle searches and values retrieval. |
|
I still haven't found information in any spec to support this statement:
However, going with the principle of least surprise, if we can document at least a few mainstream tools or libraries that default to case-insensitive attribute matching and searching, then I'd be open to having an exported package variable to toggle this feature on or off, and we can even default to having it enabled, as long as consumers can revert to case-sensitive behaviour as needed. |
|
a parallel set of case insensitive functions could make sense as well |
|
@johnweldon And you found any information in spec which states that attribute names should be case sensitive? One of the most used clients (ldapsearch from OpenLDAP as I said before) don't rely on case sensitiveness of the attribute names. In fact I never used an LDAP client which behaves like this API in this particular subject. You can also check tools like Apache Directory Studio [1] which is also widely used. |
For a low-level library, preserving fidelity of returned information is extremely important. Since it is possible for an LDAP server to return a set of attributes like the following, this library should not silently compress those differences: I'd be amenable to adding |
|
@johnweldon, @liggitt IMO RFC 4512 / Section 2.5 does explicitly state that attribute names are case insensitive:
The
|
|
@vetinari I think you're right; some quotes from 1.4 of RFC 4512: (emphasis mine)
|
|
Right, this should be the default behavior of the API. |
|
I'm inclined to still approach this as @liggitt suggests - with parallel functions that are case insensitive. We shouldn't be changing the behaviour of the established API IMO. |
|
I've added now |
I'd prefer to keep any value transformation done by this library explicit. If the comparison is ignoring case, the method name should make that clear |
these are the case insensitive counter parts, e.g. GetAttributeValue <=> GetEqualFoldAttributeValue using strings.EqualFold to compare the attrribute names fixes go-ldap#109 go-ldap#129
If we use GetAttributeValue function in a search to retrieve an specific attribute, the attribute name is currently case sensitive in this API.
According to LDAP specifications attribute retrieval must be case insensitive. For exemple, the attribute givenName and givenname are the same attribute, therefore if a client ask for "givenname" and LDAP definitions is set to "givenName", the API must be case insensitive returning the attribute and its value to the client, if present of course.
The text was updated successfully, but these errors were encountered: