450e7e
diff -up cyrus-imapd-2.3.15/lib/auth_unix.c.authid_normalize cyrus-imapd-2.3.15/lib/auth_unix.c
450e7e
--- cyrus-imapd-2.3.15/lib/auth_unix.c.authid_normalize	2009-09-18 11:53:47.183115911 +0200
450e7e
+++ cyrus-imapd-2.3.15/lib/auth_unix.c	2009-09-18 11:53:47.252115833 +0200
450e7e
@@ -156,10 +156,12 @@ const char *identifier;
cf58a5
 size_t len;
cf58a5
 {
cf58a5
     static char retbuf[81];
cf58a5
+    char backup[81];
cf58a5
     struct group *grp;
cf58a5
     char sawalpha;
cf58a5
     char *p;
cf58a5
     int username_tolower = 0;
cf58a5
+    int ic,rbc;
cf58a5
 
cf58a5
     if(!len) len = strlen(identifier);
cf58a5
     if(len >= sizeof(retbuf)) return NULL;
450e7e
@@ -211,6 +213,22 @@ size_t len;
cf58a5
     /* now we don't */
cf58a5
     /* if (!sawalpha) return NULL;  */
cf58a5
 
cf58a5
+    if( (libcyrus_config_getswitch(CYRUSOPT_NORMALIZEUID) == 1) ) {
cf58a5
+        strcpy(backup,retbuf);
cf58a5
+       /* remove leading blanks */
cf58a5
+       for(ic=0; isblank(backup[ic]); ic++);
cf58a5
+       for(rbc=0; backup[ic]; ic++) {
cf58a5
+            retbuf[rbc] = ( isalpha(backup[ic]) ?
cf58a5
+                 tolower(backup[ic]) : backup[ic] );
cf58a5
+            rbc++;
cf58a5
+       }
cf58a5
+       retbuf[rbc] = '\0';
cf58a5
+       /* remove trailing blanks */
cf58a5
+       for(--rbc; isblank(retbuf[rbc]); rbc--) {
cf58a5
+            retbuf[rbc] = '\0';
cf58a5
+       }
cf58a5
+    }
cf58a5
+
cf58a5
     return retbuf;
cf58a5
 }
cf58a5
 
450e7e
diff -up cyrus-imapd-2.3.15/lib/imapoptions.authid_normalize cyrus-imapd-2.3.15/lib/imapoptions
450e7e
--- cyrus-imapd-2.3.15/lib/imapoptions.authid_normalize	2009-09-18 11:53:47.244115877 +0200
450e7e
+++ cyrus-imapd-2.3.15/lib/imapoptions	2009-09-18 11:53:47.260115873 +0200
450e7e
@@ -1217,6 +1217,11 @@ product version in the capabilities */
cf58a5
    interface, otherwise the user is assumed to be in the default
cf58a5
    domain (if set). */
cf58a5
 
cf58a5
+{ "normalizeuid", 0, SWITCH }
cf58a5
+/* Lowercase uid and strip leading and trailing blanks. It is recommended
cf58a5
+   to set this to yes, especially if OpenLDAP is used as authentication
cf58a5
+   source. */
cf58a5
+
cf58a5
 /*
cf58a5
 .SH SEE ALSO
cf58a5
 .PP
450e7e
diff -up cyrus-imapd-2.3.15/lib/libcyr_cfg.c.authid_normalize cyrus-imapd-2.3.15/lib/libcyr_cfg.c
450e7e
--- cyrus-imapd-2.3.15/lib/libcyr_cfg.c.authid_normalize	2009-03-31 06:43:20.000000000 +0200
450e7e
+++ cyrus-imapd-2.3.15/lib/libcyr_cfg.c	2009-09-18 11:55:03.436822867 +0200
450e7e
@@ -154,6 +154,10 @@ struct cyrusopt_s cyrus_options[] = {
450e7e
       CFGVAL(long, 1),
a6d65f
       CYRUS_OPT_SWITCH },
cf58a5
 
cf58a5
+    { CYRUSOPT_NORMALIZEUID,
cf58a5
+      CFGVAL(long, 1),
cf58a5
+      CYRUS_OPT_SWITCH },
cf58a5
+
cf58a5
     { CYRUSOPT_LAST, { NULL }, CYRUS_OPT_NOTOPT }
cf58a5
 };
cf58a5
 
450e7e
diff -up cyrus-imapd-2.3.15/lib/libcyr_cfg.h.authid_normalize cyrus-imapd-2.3.15/lib/libcyr_cfg.h
450e7e
--- cyrus-imapd-2.3.15/lib/libcyr_cfg.h.authid_normalize	2009-03-31 06:43:20.000000000 +0200
450e7e
+++ cyrus-imapd-2.3.15/lib/libcyr_cfg.h	2009-09-18 11:55:33.267115989 +0200
450e7e
@@ -114,6 +114,8 @@ enum cyrus_opt {
450e7e
     CYRUSOPT_SQL_USESSL,
450e7e
     /* Checkpoint after every recovery (OFF) */
450e7e
     CYRUSOPT_SKIPLIST_ALWAYS_CHECKPOINT,
450e7e
+    /* Lowercase uid and strip leading and trailing blanks (OFF) */
450e7e
+    CYRUSOPT_NORMALIZEUID,
450e7e
 
450e7e
     CYRUSOPT_LAST
450e7e