Bug 1252089

Summary: Satellite 6 AD integration - find_by_dn incorrectly splitting a DN string blindly on comma
Product: Red Hat Satellite Reporter: Freddy Wissing <fwissing>
Component: Users & RolesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED CURRENTRELEASE QA Contact: Kedar Bidarkar <kbidarka>
Severity: medium Docs Contact:
Priority: unspecified    
Version: UnspecifiedCC: bkearney, dlobatog, jjennings, kbidarka, mbliss
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-15 08:27:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Freddy Wissing 2015-08-10 17:01:01 UTC 
Description of problem:

File /opt/rh/ruby193/root/usr/share/gems/gems/ldap_fluff-0.3.2/lib/ldap_fluff/generic_member_service.rb  has function "find_by_dn" on line 24.  The first split function in this file is incorrectly splitting a DN string blindly on comma.  It is not factoring in that AD frequently uses lastname, firstname as part of the users DN and therefore the CN and base values are being broken out incorrectly.


Version-Release number of selected component (if applicable):


How reproducible:

100%


Steps to Reproduce:



Customer conducts a puts call with some debugging info into this call and receive the following:
[ 2015-07-17 10:09:14.5163 28787/7f102826e700 Pool2/Implementation.cpp:1274 ]: [App 28886 stdout] VER001
dn :CN=Jones\, James E. (FKN),OU=DomainDODUsers,OU=UsersGroups,DC=accounts,DC=root,DC=corp:
Base : James E. (FKN),OU=DomainDODUsers,OU=UsersGroups,DC=accounts,DC=root,DC=corp:
Entry_value :Jones\:
Entry_attr :CN


Actual results:

The initial split gives a DN piece of "DN=Miller"  and an OU structure of " Sean (HPX),OU=blah,OU=boo, etc..."


Expected results:


DN=Miller, Sean (HPX),OU=blah,OU=boo, etc ... 

Workaround:


From customer:  To correct this behavior I had to modify the code from "split on comma" to "split on ',OU=' and then put OU= back on the fromt of the OU portion.

As for the rest, basically, once I implemented this change, it took a while before things started working as expected.
Comment 3 jared jennings 2015-10-08 14:39:39 UTC 
A slightly different way of fixing the problem has been integrated into ldap_fluff; see https://github.com/theforeman/ldap_fluff/pull/46.
Comment 4 jared jennings 2015-10-13 15:14:30 UTC 
I've verified that the commit in the pull request, https://github.com/jaredjennings/ldap_fluff/commit/183e87be6a6fed658e25099972fdbf7b82046b89, applies cleanly to version 0.3.2, and after application all the tests succeed (including the one added).
Comment 7 Bryan Kearney 2016-07-26 15:25:24 UTC 
Moving 6.2 bugs out to sat-backlog.
Comment 8 Bryan Kearney 2016-07-26 15:42:04 UTC 
Moving 6.2 bugs out to sat-backlog.
Comment 10 Daniel Lobato Garcia 2017-09-15 08:27:39 UTC 
This was fixed back in 2015 by https://github.com/theforeman/ldap_fluff/commit/183e87be6a6fed658e25099972fdbf7b82046b89 - which was released with 6.2. Please reopen if you find the problem again.

Thanks !