Bug 830349
Summary: | cannot use & in a sasl map search filter | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Nathan Kinder <nkinder> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 6.4 | CC: | jgalipea, jrusnack, mreynolds |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.2.11.12-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Using a compound search filter (with an ampersand "&" character) for the SASL mapping, the "&" was not escaped properly.
Consequence: SASL mapping fails to map the SASL identity to a DN, and SASL authentication fails.
Fix: check for '&', and don't escape it.
Result: mapping succeeds
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 08:17:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nathan Kinder
2012-06-08 21:43:50 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. IP=192.168.122.86 PORT=22222 ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 <<-EOF dn: cn=mymap1,cn=mapping,cn=sasl,cn=config changetype: add objectclass: top objectclass: nsSaslMapping cn: mymap1 nsSaslMapRegexString: .* nsSaslMapBaseDNTemplate: ou=TestPeople, o=sasl.com nsSaslMapFilterTemplate: (|(&(uid=\1)(objectclass=person))(&(uid=\1)(objectclass=inetOrgPerson))) EOF /usr/lib64/dirsrv/slapd-dstet/restart-slapd [jrusnack@dstet 6.0]$ ldapsearch -LLL -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -b "cn=mymap1,cn=mapping,cn=sasl,cn=config" cn dn: cn=mymap1,cn=mapping,cn=sasl,cn=config cn: mymap1 [jrusnack@dstet 6.0]$ echo $? 0 [jrusnack@dstet 6.0]$ rpm -qa | grep 389-ds-base 389-ds-base-1.2.11.15-2.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html |