Bug 1205382

Summary: Properly handle AD's binary objectGUID
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0CC: grajaiya, iatemnikov, jgalipea, jhrozek, jstephen, lslebodn, mkosek, mzidek, pbrezina, preichl, sgadekar
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: GSSApproved
Fixed In Version: sssd-1.12.4-25.el6 Doc Type: Bug Fix
Doc Text:
* SSSD did not properly handle the "objectGUID" AD LDAP attribute. Now, SSSD considers "objectGUID" a binary value as expected, and the attribute is stored correctly. (BZ#1205382)
Story Points: ---
Clone Of:
: 1226119 (view as bug list) Environment:
Last Closed: 2015-07-22 06:43:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1226119    

Description Jakub Hrozek 2015-03-24 19:43:24 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2588

The Active Directory objectGUID LDAP attribute is returned as a binary value  which is currently not handled well be SSSD. There is a string representation defined in [MS-DTYP] section 2.3.4.3 which should be used to store the attribute to the cache. Only the surrounding curly braces should be dropped because they cannot be used for LDAP searches.

Comment 2 Jakub Hrozek 2015-04-29 11:06:58 UTC
*** Bug 1215925 has been marked as a duplicate of this bug. ***

Comment 4 Kaushik Banerjee 2015-06-03 10:04:47 UTC
Verified via automation run against large no. of user and group sets on AD. Verified in sssd-1.12.4-42.el6.x86_64

Comment 7 errata-xmlrpc 2015-07-22 06:43:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1448.html