OpenLDAP Client Question

Any LDAP gurus out there?

One of my customers mandates that their Linux hosts be bound to their Active Directory domains via PBIS. One of their domains seems to enforce case-sensitivity for Computer objects. Unfortunately, this same domain also breaks the ability to use PBIS's native tooling for resolving naming collisions caused by reprovisioning. So, our fall-back was to use the OpenLDAP client RPM's ldapsearch and ldapdelete utilities to facilitate collision-cleanup during the reprovisioning process. Unfortunately, because of the domain's enforcing of case-sensitivity (and inconsistent naming habits by admins), doing a generic ldapsearch for cn= can fail if the query-string is in a different case than the AD-stored string.

It's easy enough to overcome with a (|(cn=)(cn=)) query, but I fear there may be some s hiding in the directory. I tried adding :caseIgnoreMatch: to my cn=, but that resulted in no returns to my query. Anyone know if there's a way to force a case-insensitive query-match from the client-side?
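
One client-side way to get a case-insensitive match, as an added example that is not part of the original post: run a broader ldapsearch that returns cn, then compare the cn values locally, ignoring case. The sample LDIF, hostnames and DNs are constructed, and the code assumes ldapsearch was run with -LLL.

```python
import base64

# Constructed sample of `ldapsearch -LLL ... cn` output (not from the post);
# the third entry has a folded dn line and a base64-encoded cn value.
SAMPLE_LDIF = """\
dn: CN=AppHost01,OU=Linux,DC=example,DC=test
cn: AppHost01

dn: CN=apphost010,OU=Linux,DC=example,DC=test
cn: apphost010

dn: CN=APPHOST01,OU=Retired,DC=exa
 mple,DC=test
cn:: QVBQSE9TVDAx
"""


def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line:
            if entry:
                yield entry
            entry = {}
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)


def matching_dns(ldif_text, hostname):
    """Return DNs of entries whose cn equals hostname, ignoring case."""
    wanted = hostname.casefold()
    return [e["dn"][0] for e in parse_ldif(ldif_text)
            if "dn" in e and any(v.casefold() == wanted for v in e.get("cn", []))]


if __name__ == "__main__":
    for dn in matching_dns(SAMPLE_LDIF, "apphost01"):
        print(dn)
```

The comparison is exact apart from case, so a longer name such as apphost010 is not returned for apphost01; review the returned DNs before handing them to ldapdelete.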

Responses