Bug 1127278

Summary: Auth fails when space in username is replaced with character set by override_default_whitespace
Product: Red Hat Enterprise Linux 6 Reporter: Amith <apeetham>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.6CC: dpal, grajaiya, jgalipea, lslebodn, mkosek, pbrezina, preichl, tlavigne
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: sssd-1.11.6-20.el6 Doc Type: Enhancement
Doc Text:
The "override_space" option has been introduced to SSSD, which allows users to replace spaces in user names and group names with a specified character string. This makes it easier to use certain shell scripts or other applications that cannot properly handle user names and group names containing spaces. For further information on "override_space", refer to the sssd.conf(5) man page.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 04:49:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Amith 2014-08-06 14:09:22 UTC 
Description of problem:

When SSSD new feature "override_default_whitespace" is set, it replaces white space from usernames/groupnames with the configured character, lets say _(underscore). So upon lookup user "Harry Potter" becomes "Harry_Potter". In this case, user login fails when auth is conducted without spaces, ie username is "Harry_Potter, however auth works fine with space, ie when username is "Harry Potter". 

Version-Release number of selected component (if applicable):
sssd-1.11.6-12.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create an ldap user name with space, say "Harry Potter". 
2. Set override_default_whitespace = _ in sssd.conf
3. Login with and without space in user name, you will see that auth fails when username is "Harry_Potter".


Actual results:
Auth fails.

Expected results:
Auth should succeed.

Additional info:
Comment 2 Jakub Hrozek 2014-08-06 19:07:07 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2397
Comment 3 Jakub Hrozek 2014-08-13 13:54:51 UTC 
Fixed upstream:
    master:
        ef49e1d709c3cbb3eccbc22710964e1ffe2612c9
        3b96d478851fbbe391ab30e3d6a0afdb9ecdd4a0
        fcfd1cb69762c49ba56326dfc85008c1d83333b2
        0fcc9ed1c66bed7ef3a0bcd6c517280a82391d2b
        f3a5ac1a50c1fccd0801023658e42d2093e1a33a
        1f3127e88a87953f059c9a70d3582ae1719594b1 
    sssd-1-11:
        3fa31631d74d09ce6b52b6b8cd3c994c9f2a2db4
        6bbb1da6dd9365592b4be309cf3bd7f245d844a8
        f9cab654c8217a4f1b983bcf92dc36acffffe58f
        61cba55a3e44a937703a690254ccb3e0dd65dbb6
        5b4c81cab999c1f5a385754badd9e88600cbf3fa
Comment 5 Amith 2014-08-25 10:43:46 UTC 
With SSSD Version sssd-1.11.6-24.el6.x86_64, the automation runs FAIL for override_default_whitespace test suite. See the beaker output below:-

:: [   LOG    ] :: override_default_whitespace_2: Set override_default_whitespace = _ in nss section and run user lookup
:: [  BEGIN   ] :: Lookup should return name without space. :: actually running 'getent passwd -s sss "Test User"'
Test User:*:10011:10011:Example TestUser:/home/Testuser:/bin/bash
:: [   PASS   ] :: Lookup should return name without space. (Expected 0, got 0)
:: [  BEGIN   ] :: Lookup should return name without space. :: actually running 'getent passwd -s sss Test_User'
:: [   FAIL   ] :: Lookup should return name without space. (Expected 0, got 2)
Comment 6 Lukas Slebodnik 2014-08-25 12:13:03 UTC 
As a result of this ticket, we had a discussion in upstream and we decidet to change name of this option.

Currently, you should use option override_space.
man sssd.conf
  -> SPECIAL SECTIONS
     -> The [sssd] section
        -> override_space (string)

Sorry for troubles. We should have mentioned it in this BZ earlier.
Comment 7 Amith 2014-08-26 06:39:04 UTC 
Verified the bug on SSSD Version ; sssd-1.11.6-24.el6.x86_64

I made changes to automation code as per Comment #6 and the beaker run looks great now. See the output below:

================ final pass/fail report =================
   Test Date: Mon Aug 25 13:34:09 EDT 2014 
   Total : [8] 
   Passed: [8] 
   Failed: [0] 
   Abort : [0]
---------------------------------------------------------
   [   PASS   ]      Setup
   [   PASS   ]      override_space_1  Default behaviour when override_space is not set in sssd.conf
   [   PASS   ]      override_space_2  Set override_space = _ in sssd section and run user lookup
   [   PASS   ]      override_space_3  Set override_space = _ and run user auth
   [   PASS   ]      override_space_4  Set override_space = _ and run user id and groups
   [   PASS   ]      override_space_5  Behaviour while running chown and chgrp commands
   [   PASS   ]      Cleanup
   [   PASS   ]      unknown


=========================================================
Comment 8 errata-xmlrpc 2014-10-14 04:49:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html