Bug 600352
Summary: | Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search_ext to fail. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> | ||||
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 6.0 | CC: | benl, dpal, jgalipea | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | sssd-1.2.0-14.el6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-11-10 21:39:52 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 579775 | ||||||
Attachments: |
|
Verified ldap_access_filter wrapped with parentheses i.e., ldap_access_filter = (&(uidNumber>=1002)(uidNumber<=1003)) and without parentheses i.e., ldap_access_filter = &(uidNumber>=1002)(uidNumber<=1003). Version: sssd-1.2.1-21.el6. Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. |
Created attachment 421239 [details] sssd.conf Description of problem: Version-Release number of selected component (if applicable): sssd-1.2.0-12.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure sssd.conf for native ldap domain. 2. Add ldap_access_filter = (&(uidNumber>=1069)(uidNumber<=1071)) 3. Clear cache and restart sssd service. 4. Auth with user "auser1" having uidNumber as 1070. Actual results: (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_dn_done] (6): Checking filter against LDAP (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=auser1)(objectclass=posixAccount)(((uidNumber>1069)(uidNumber<1071))))][uid=auser1,ou=People,dc=example,dc=com]. (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_access_done] (1): sdap_get_generic_send() returned error [5][Input/output error](Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_done] (1): Error retrieving access check result. (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)] Expected results: Authentication should succeed and it should be safe to wrap the access filter in parentheses. Additional info: