[Samba] winbind and case sensitivity

Brian J. Murrell brian at interlinx.bc.ca
Tue Feb 3 05:09:13 GMT 2004


Summary: is there a way to have winbind fold a mixed case username into
lowercase?  If the NT DOM account is "Brian", I want to be able to
instruct winbind to actually tell pam that the account is "brian".

Situation:  I have an NT PDC with which users were added by their first
name, first letter capitalized.  For example, my account would be "Brian".
As we all know however, NT usernames are case insensitive, so I can log in
with "Brian" or "brian" -- they are equivalent.  When I give out an
Exchange e-mail address I can give "brian at example.com" and
"Brian at example.com" and they both mean me.

Now I am putting in a postfix/cyrus mail server and want to be able to use
winbind to authenticate the imap accounts to the NT PDC and deliver mail.

The problem arises that Linux/Unix are not case insensitive and Brian and
brian are two different users and two different mailboxes.  But as a
statement of policy I am able to dictate that usernames shall always be
all lower case.  And because of the case insensitiveness of NT, I can be
safe in doing so and not causing problems for grandfathered accounts.

However, I need to deal with the existing accounts/people which are of the
format "Firstname".  I can force cyrus to convert the account name to
lowercase before delivering to a mailbox so that when somebody mails to
"Brian at example.com" it goes into the "brian" mailbox.

But when they log in to Cyrus via PAM/winbind, they need to have the case
matching exactly (i.e. Brian, not brian) for the authentication to succeed
(contrary to NT), and even then, cyrus gives them the
uppercase-first-letter mailbox, not the lowercase mailbox (I can only
force cyrus to _deliver_ to the lowercase mailbox, not force the mailbox
name to lowercase for log in purposes).

What would be ideal would be that I could tell winbind to force account
names into lowercase before returning them to the NSS (i.e. as a passwd
entry), but I see no options to do this.

Any ideas?

b.




