Bug 658309
Summary: | Managed Entries plugin appears not to be escaping $$ correctly | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Jr Aquino <jr.aquino> | ||||||
Component: | Directory Server | Assignee: | Amita Sharma <amsharma> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 1.2.7 | CC: | amsharma, nkinder, rmeggins | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-12-07 17:07:08 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 576869, 639035 | ||||||||
Attachments: |
|
Description
Jr Aquino
2010-11-29 23:32:20 UTC
After discussing this issue with Rob, we found that the issue is a bit different than initially described. FreeIPA uses user_private_groups.ldif as a template, so it is not creating the Managed Entry template with "$$" in it. This will be a single "$" by the time it is added to 389 DS. I ran a test against 389 DS to see if we are handling an escaped "$" character in a mapped attribute value, and we do have a problem. We do recognize that "$$" is not a macro, but is an escaped "$" character, but we fail to remove the escape from the resulting value. Here is an example: Template: --------- dn: cn=UPG Template,dc=example,dc=com objectClass: mepTemplateEntry objectClass: top cn: UPG Template mepRDNAttr: cn mepStaticAttr: objectclass: posixGroup mepMappedAttr: cn: $uid mepMappedAttr: gidNumber: $gidNumber mepMappedAttr: description: User private group $$ for $uid Resulting Managed Entry: ------------------------ dn: cn=tuser1,dc=example,dc=com objectClass: posixGroup objectClass: mepManagedEntry objectClass: top cn: tuser1 gidNumber: 500 description: User private group $$ for tuser1 mepManagedBy: uid=tuser1,dc=example,dc=com The description attribute should be "User private group $ for tuser1", but we are leaving the escape character in the value. Created attachment 464324 [details]
Patch
Patch pushed to master. Thanks to Rich for his review! Counting objects: 13, done. Delta compression using up to 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 1.39 KiB, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git cf96e0a..2801442 master -> master Created attachment 512154 [details] SS [root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=UPG Template,dc=example,dc=com objectClass: mepTemplateEntry objectClass: top cn: UPG Template mepRDNAttr: cn mepStaticAttr: objectclass: posixGroup mepMappedAttr: cn: \$uid mepMappedAttr: gidNumber: \$gidNumber mepMappedAttr: description: User private group \$$ for \$uid EOF adding new entry "cn=UPG Template,dc=example,dc=com" [root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config > objectclass: extensibleObject > cn: UPG Definition > originScope: cn=users,dc=example,dc=com > originFilter: objectclass=posixAccount > managedBase: cn=groups,dc=example,dc=com > managedTemplate: cn=UPG Template,dc=example,dc=com > EOF adding new entry "cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config" PFA for the description attribute value is as expected. |