Bug 1399304

Summary: [RFE] sssd - Search filter should not be applied to automountmaps.
Product: Red Hat Enterprise Linux 8 Reporter: Eugene Keck <ekeck>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED WONTFIX QA Contact: Steeve Goveas <sgoveas>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.1CC: grajaiya, jhrozek, mkosek, pbrezina, subu.ayyagari, thalman, tscherf
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-24 09:45:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1420851    

Description Eugene Keck 2016-11-28 17:48:56 UTC 
1. Proposed title of this feature request
Search filter should not be applied to automountmaps.

2. Who is the customer behind the request?
Account: GOLDMAN SACHS #62816
TAM customer: no
SRM customer: no
Strategic: yes

3. What is the nature and description of the request?
Search filter should not be applied to automountmaps. They are global (e.g.:  'auto.home')

4. Why does the customer need this? (List the business requirements here)
From customers comments:

The ldap search filter should not be applied to map entries, but SSSD does apply the filter!.
E.g.: There is no benefit to limit maps like 'auto.home'.

Search filter should not be applied to automountmaps.
     They are global (e.g.:  'auto.home')

Filter is applied to automountmap. 
I am forced to apply "global" value to each automountmap to get over this behavior.

SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName"
SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1

5. How would the customer like to achieve this? (List the functional requirements here)
N/A

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
N/A

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
N/A

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
Soon as possible

9. Is the sales team involved in this request and do they have any additional input?
N/A

10. List any affected packages or components.
sssd-1.14.0-43.el7

11. Would the customer be able to assist in testing this functionality if implemented?
N/A
Comment 2 Jakub Hrozek 2016-12-08 09:43:19 UTC 
Hmm, I'm sorry, but it's still not completely clear to me what the issue is. 
The server side LDAP search helps a bit, but I'm having trouble parsing what the myfilterattr subfilters stand for.

Could I please see the sssd debug logs with the automounter searches that are performed by SSSD and perhaps also the sssd.conf file to see if some customer search bases or filters are defined there?
Comment 3 Eugene Keck 2016-12-14 14:22:39 UTC 
From the customer:

File: /etc/sssd/sssd.conf
ldap_search_base = ou=example,dc=com
ldap_autofs_search_base=ou=automount,ou=example,dc=com?subtree?(|(myfilter=global)(myfilter=a6789)(myfilter=myhost.gs.com)) 

See (below) it is using the same filter as specified in sssd.conf, for "automountmapname = auto.home"!!!
This is the issue!!!
 
>>>>>
SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName"
SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1
>>>>>

NOTE: The same filter is applied to a automount object (e.g.: /home/xyz)
Comment 5 Jakub Hrozek 2017-08-14 13:20:44 UTC 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3477
Comment 8 Tomas Halman 2020-04-24 09:45:51 UTC 
Due to out limited capacity we are closing this RFE.