[openstack-dev] [keystone] Case sensitivity & backend databases

Mark Washenberger mark.washenberger at markwash.net
Wed Nov 13 19:24:00 UTC 2013

Resurrecting this thread. . .

I think I'm misunderstanding where we landed on this issue. On the one
hand, it seems like there are tests to assert that uniqueness of names is
case-sensitive. On the other, some folks have identified reasons why they
would want case-insensitivity on uniqueness checks for creating new users.
Still others I think have wisely pointed out that we should probably get
out of the business of creating users.

Trying to incorporate all of these perspectives, I propose the following:

1) We add a configuration option to just the keystone sql identity driver
to force case-sensitivity on uniqueness checks. I'm pretty sure there is a
way to do this in sqlalchemy, basically whatever is equivalent to 'SELECT *
FROM user WHERE BINARY name = %s'. This config option would only affect
create_user and update_user.
2) We always force case-sensitive comparison for get_user_by_name, using a
similar mechanism as above.

By focusing on changes to queries we needn't bother with a migration and
can make the behavior a deployer choice.

Is this a bad goal or approach?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131113/cdb0cb56/attachment.html>

More information about the OpenStack-dev mailing list