SSSD Cache Case-sensitivity

Home » CentOS » SSSD Cache Case-sensitivity
CentOS 4 Comments

Dear all,

I’m running CentOS 7.3 with SSSD. I’m using sssd-ad to talk to an AD
backend. Group names in the AD contain capitals.

When sssd-ad is working normally, group names returned are all lowercase. However, when the AD backend goes offline, group names returned from the SSSD cache contain capitals.

The change in case breaks stuff (sshd’s AllowGroups, for one).

Has anybody else seen this behavior?
Is there a way to make the group names uniform, whether they come from sssd-ad or the cache?



4 thoughts on - SSSD Cache Case-sensitivity

  • case_sensitive = Preserving

    This way you get capitalisation on what’s reported when it’s connected and not AFAIK.


  • Hi John,

    Thanks for pointing me to case_sensitive, that indeed is the cause:
    the default for “case_sensitive” is “True”, but for the AD provider
    “True” is invalid(??), so it defaults to “False”(???)!

    Good news is that with both “case_sensitive = False” and “case_sensitive
    = Preserving” the results from AD and cache are identical (lowercase and case-preserving, respectively).

    Since this (opposite defaults) is broken by design, I hope the AD
    provider will be fixed so it follows the general default.



  • I did already file a bug report. Since this involves a change in definition I’ll wait for input before starting on a patch. ;-)