Bug 1205382 - Properly handle AD's binary objectGUID
Summary: Properly handle AD's binary objectGUID
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
URL:
Whiteboard: GSSApproved
: 1215925 (view as bug list)
Depends On:
Blocks: 1226119
TreeView+ depends on / blocked
 
Reported: 2015-03-24 19:43 UTC by Jakub Hrozek
Modified: 2019-08-15 04:24 UTC (History)
11 users (show)

Fixed In Version: sssd-1.12.4-25.el6
Doc Type: Bug Fix
Doc Text:
* SSSD did not properly handle the "objectGUID" AD LDAP attribute. Now, SSSD considers "objectGUID" a binary value as expected, and the attribute is stored correctly. (BZ#1205382)
Clone Of:
: 1226119 (view as bug list)
Environment:
Last Closed: 2015-07-22 06:43:45 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1448 normal SHIPPED_LIVE sssd bug fix and enhancement update 2015-07-20 18:43:53 UTC

Description Jakub Hrozek 2015-03-24 19:43:24 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2588

The Active Directory objectGUID LDAP attribute is returned as a binary value  which is currently not handled well be SSSD. There is a string representation defined in [MS-DTYP] section 2.3.4.3 which should be used to store the attribute to the cache. Only the surrounding curly braces should be dropped because they cannot be used for LDAP searches.

Comment 2 Jakub Hrozek 2015-04-29 11:06:58 UTC
*** Bug 1215925 has been marked as a duplicate of this bug. ***

Comment 4 Kaushik Banerjee 2015-06-03 10:04:47 UTC
Verified via automation run against large no. of user and group sets on AD. Verified in sssd-1.12.4-42.el6.x86_64

Comment 7 errata-xmlrpc 2015-07-22 06:43:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1448.html


Note You need to log in before you can comment on or make changes to this bug.