Bug 450613
| Summary: | IPA doesn't handle group names with spaces properly | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | David O'Brien <daobrien> | ||||||
| Component: | ipa-server | Assignee: | Rob Crittenden <rcritten> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 1.0 | CC: | benl, jgalipea, olfway, ssorce | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-03-27 07:14:24 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 453489, 457124 | ||||||||
| Attachments: |
|
||||||||
|
Description
David O'Brien
2008-06-09 21:02:29 UTC
Added to Release Notes. Unix group names are limited to the regex [a-z_][a-z0-9_-]*[$] by shadow-utils. It also imposes a 16-character maximum due to HP/ux 10. Unfortunately the library that shadow-utils uses to do the enforcement is linked statically against all the utilities (groupadd, etc). So we can't tie directly into it and will have to duplicate it. I think that for IPA v1 we'll need to at least enforce the same rules that group utilities do and perhaps do something a bit more graceful later. Samba does a mapping of unix <-> Windows group names, as defined at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html Fedora patches it to be this:
+ * User/group names must match gnu e-regex:
+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+ *
+ * as a non-POSIX, extension, allow "$" as the last char for
+ * sake of Samba 3.x "add machine script"
Created attachment 313561 [details]
Use same regex as shadow-utils
Created attachment 313645 [details]
Re-based patch to use same regex as shadow-utils and change validation to be more obvious
master: 110f60da8e8cbf2b83f66b4959857dc62b407f06 In effect we are not support spaces in group names currently. Once AD integration is done some mapping will be needed but that will be done via a separate mechanism. This also looks like FAQ material. Yes, it's in the relnotes but I think once it's established the FAQ will get more hits than the relnotes. I can summarize what I find in this bug report and the relnotes and make an FAQ entry if ppl are agreeable. A couple of minor fixes. master: a013fe5cc23a88520cdffc779d013b8e5407cf81 Fix verified: Can not create group with spaces in the name. [root@jennyv3 /]# ipa-addgroup "group spaces" Group name may only include letters, numbers, _, -, . and $ [root@jennyv3 /]# ipa-findgroup "group spaces" 8 entries were found. Which one would you like to display? 1: admins 2: ipausers 3: top 4: sub1 5: sub2 6: access 7: test 8: mygroup Choose one: (1 - 8), 0 for all, q to quit: q |