[strongSwan] attr-sql - case insensitive?

Tobias Brunner tobias at strongswan.org
Wed Jul 4 16:23:06 CEST 2018

Hi Sven,

> The name in the database matches the name the user configured in
> their settings. So this is very error-prone.
> Is it possible to match here case insensitive?
> Or any other ideas?

The `data` column of the `identities` table in the default schema uses a
binary type (BLOB or varbinary), same goes for the queries where the
argument is of type DB_BLOB (and not DB_TEXT).  So the comparison here
will always be via an exact binary match.  I guess that's mostly for
ASN.1 DNs, which couldn't be stored/compared directly as text.

I suppose, if you only use e.g. email addresses as identities (i.e. no
binary DNs) you could probably change the type of that column (e.g. to
TEXT or varchar) and when using MySQL add `collate utf8_unicode_ci` for
a case insensitive comparison.  But you'd also need to change the type
in the queries (in the attr-sql plugin and the pool tool, if you use
it).  At least I guess that's required, I didn't try what happens if the
argument's type doesn't exactly match that of the column.

Another option is probably to convert the identities to text and store
and compare them as such, but that would also require several code changes.


More information about the Users mailing list