1205382 – Properly handle AD's binary objectGUID

Bug 1205382 - Properly handle AD's binary objectGUID

Summary: Properly handle AD's binary objectGUID

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:	GSSApproved
Duplicates (1):	1215925 (view as bug list)
Depends On:
Blocks:	1226119
TreeView+	depends on / blocked

Reported:	2015-03-24 19:43 UTC by Jakub Hrozek
Modified:	2019-08-15 04:24 UTC (History)
CC List:	11 users (show)
Fixed In Version:	sssd-1.12.4-25.el6
Doc Type:	Bug Fix
Doc Text:	* SSSD did not properly handle the "objectGUID" AD LDAP attribute. Now, SSSD considers "objectGUID" a binary value as expected, and the attribute is stored correctly. (BZ#1205382)
Clone Of:
Clones:	1226119 (view as bug list)
Environment:
Last Closed:	2015-07-22 06:43:45 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:1448	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2015-07-20 18:43:53 UTC

Description Jakub Hrozek 2015-03-24 19:43:24 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2588

The Active Directory objectGUID LDAP attribute is returned as a binary value  which is currently not handled well be SSSD. There is a string representation defined in [MS-DTYP] section 2.3.4.3 which should be used to store the attribute to the cache. Only the surrounding curly braces should be dropped because they cannot be used for LDAP searches.

Comment 2 Jakub Hrozek 2015-04-29 11:06:58 UTC

*** Bug 1215925 has been marked as a duplicate of this bug. ***

Comment 4 Kaushik Banerjee 2015-06-03 10:04:47 UTC

Verified via automation run against large no. of user and group sets on AD. Verified in sssd-1.12.4-42.el6.x86_64

Comment 7 errata-xmlrpc 2015-07-22 06:43:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1448.html

Note You need to log in before you can comment on or make changes to this bug.