The issue is particularly related to sync from AD/LDAP since there is no guarantee the user name (from AD side sAMAccountName or userPrincipalName, or mail attributes) is always stored in a canonical form.
It creates a problem since OpenShift/k8s is case sensitive by nature, while LDAP is not.
At this point authentication layer is not a problem since it takes place on LDAP/AD side, but the authorization (ie. groups placed in role bindings) becomes a problem.
From what I was able to gather, there is no plans to change this on the platform side as it is implied the names sourced from the authentication backed are canonical. But I presume the feature can be fairly easy implemented in the group sync operator by introducing a couple parameters, for instance, lower_case: true and upper_case: true to bring all user names to the same case after reading them from AD/LDAP and before placing them in groups.
The issue is particularly related to sync from AD/LDAP since there is no guarantee the user name (from AD side sAMAccountName or userPrincipalName, or mail attributes) is always stored in a canonical form. It creates a problem since OpenShift/k8s is case sensitive by nature, while LDAP is not.
At this point authentication layer is not a problem since it takes place on LDAP/AD side, but the authorization (ie. groups placed in role bindings) becomes a problem.
From what I was able to gather, there is no plans to change this on the platform side as it is implied the names sourced from the authentication backed are canonical. But I presume the feature can be fairly easy implemented in the group sync operator by introducing a couple parameters, for instance, lower_case: true and upper_case: true to bring all user names to the same case after reading them from AD/LDAP and before placing them in groups.