[openstack-dev] [keystone] Case sensitivity & backend databases

Brant Knudson blk at acm.org
Thu Sep 26 16:02:22 UTC 2013


On Thu, Sep 26, 2013 at 4:44 AM, Ralf Haferkamp <rhafer at suse.de> wrote:

>
> As Dolph already suggested we should not allow usernames that just differ in
> capitalization ("JDoe" vs. "jdoe") to co-exist. (Which could be an argument
> for handling users case-insensitive in general)
>

This enforcement should be handled by the LDAP server if the organization
thinks it's important to have users with names unique without respect for
capitalization. LDAP servers can also enforce normal security enhancers
like password strength, expiration, and locking out users after invalid
logins that the SQL backend doesn't support.

My recommendation is that Keystone should get away from dealing with
creating/updating users to avoid reinventing the wheel (and making a wheel
that's missing bells and whistles). If comparing user names is a problem,
let's limit it to our custom SQL backend and not let it spread to other
more featureful backends.

- Brant