URL: https://github.com/SSSD/sssd/pull/5251 Title: #5251: subdomains: allow to inherit case_sensitive=Preserving
sumit-bose commented: """
Hi, thanks for the rebase. I'm not sure I like the last patch. Why would you want to set `case_sensitive=Preserving` only on some clients and especially not on the server? Wouldn't this cause confusion? I would even say that it the SSSD side is fixed it might be better to ask FreeIPA to add a ipa config option to set `case_sensitive` for the whole domain and the SSSD use this new option.
Do you suggest to add case_sensitive option in IPA similar to what we do with e.g. domain_resolution_order?
Yes, this would be the long term idea. However, in the meantime I think it is ok to require to set `case_sensitive=Preserving` on the IPA servers as well if you want to use it on the client and hence the last patch is not needed.
Addtionally, without any flags set `SSS_NSS_GETPWNAM_EX` should return the same result as `SSS_NSS_GETPWNAM`, so adding `Preserving` flag would be a solution, but this would require additional changes on the IPA side.
Given IPA lower case what it gets then why it needs to return the same result?
I think Alexander's comment was about IPA user and groups which are always lower case, AD users are not stored in LDAP.
If you don't agree with the patch then I suggest to enable this for AD only for now and see what we can do for IPA later (the customer behind this requests it for AD provider).
See above. If I understand it correctly by setting `case_sensitive=Preserving` in sssd.conf on the IPA servers the last patch is not needed, SSSD has to be updated anyways to make sure the option is inherited by the sub-domains (trusted AD domains).
bye, Sumit
"""
See the full comment at https://github.com/SSSD/sssd/pull/5251#issuecomment-763797708