Bug 450613
Summary: | IPA doesn't handle group names with spaces properly | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] freeIPA | Reporter: | David O'Brien <daobrien> | ||||||
Component: | ipa-server | Assignee: | Rob Crittenden <rcritten> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 1.0 | CC: | benl, jgalipea, olfway, ssorce | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-03-27 07:14:24 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 453489, 457124 | ||||||||
Attachments: |
|
Description
David O'Brien
2008-06-09 21:02:29 UTC
Added to Release Notes. Unix group names are limited to the regex [a-z_][a-z0-9_-]*[$] by shadow-utils. It also imposes a 16-character maximum due to HP/ux 10. Unfortunately the library that shadow-utils uses to do the enforcement is linked statically against all the utilities (groupadd, etc). So we can't tie directly into it and will have to duplicate it. I think that for IPA v1 we'll need to at least enforce the same rules that group utilities do and perhaps do something a bit more graceful later. Samba does a mapping of unix <-> Windows group names, as defined at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html Fedora patches it to be this: + * User/group names must match gnu e-regex: + * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? + * + * as a non-POSIX, extension, allow "$" as the last char for + * sake of Samba 3.x "add machine script" Created attachment 313561 [details]
Use same regex as shadow-utils
Created attachment 313645 [details]
Re-based patch to use same regex as shadow-utils and change validation to be more obvious
master: 110f60da8e8cbf2b83f66b4959857dc62b407f06 In effect we are not support spaces in group names currently. Once AD integration is done some mapping will be needed but that will be done via a separate mechanism. This also looks like FAQ material. Yes, it's in the relnotes but I think once it's established the FAQ will get more hits than the relnotes. I can summarize what I find in this bug report and the relnotes and make an FAQ entry if ppl are agreeable. A couple of minor fixes. master: a013fe5cc23a88520cdffc779d013b8e5407cf81 Fix verified: Can not create group with spaces in the name. [root@jennyv3 /]# ipa-addgroup "group spaces" Group name may only include letters, numbers, _, -, . and $ [root@jennyv3 /]# ipa-findgroup "group spaces" 8 entries were found. Which one would you like to display? 1: admins 2: ipausers 3: top 4: sub1 5: sub2 6: access 7: test 8: mygroup Choose one: (1 - 8), 0 for all, q to quit: q |