Red Hat Bugzilla – Bug 1252089
Satellite 6 AD integration - find_by_dn incorrectly splitting a DN string blindly on comma
Last modified: 2017-09-15 04:27:39 EDT
Description of problem:
File /opt/rh/ruby193/root/usr/share/gems/gems/ldap_fluff-0.3.2/lib/ldap_fluff/generic_member_service.rb has function "find_by_dn" on line 24. The first split function in this file is incorrectly splitting a DN string blindly on comma. It is not factoring in that AD frequently uses lastname, firstname as part of the users DN and therefore the CN and base values are being broken out incorrectly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Customer conducts a puts call with some debugging info into this call and receive the following:
[ 2015-07-17 10:09:14.5163 28787/7f102826e700 Pool2/Implementation.cpp:1274 ]: [App 28886 stdout] VER001
dn :CN=Jones\, James E. (FKN),OU=DomainDODUsers,OU=UsersGroups,DC=accounts,DC=root,DC=corp:
Base : James E. (FKN),OU=DomainDODUsers,OU=UsersGroups,DC=accounts,DC=root,DC=corp:
The initial split gives a DN piece of "DN=Miller" and an OU structure of " Sean (HPX),OU=blah,OU=boo, etc..."
DN=Miller, Sean (HPX),OU=blah,OU=boo, etc ...
From customer: To correct this behavior I had to modify the code from "split on comma" to "split on ',OU=' and then put OU= back on the fromt of the OU portion.
As for the rest, basically, once I implemented this change, it took a while before things started working as expected.
A slightly different way of fixing the problem has been integrated into ldap_fluff; see https://github.com/theforeman/ldap_fluff/pull/46.
I've verified that the commit in the pull request, https://github.com/jaredjennings/ldap_fluff/commit/183e87be6a6fed658e25099972fdbf7b82046b89, applies cleanly to version 0.3.2, and after application all the tests succeed (including the one added).
Moving 6.2 bugs out to sat-backlog.
This was fixed back in 2015 by https://github.com/theforeman/ldap_fluff/commit/183e87be6a6fed658e25099972fdbf7b82046b89 - which was released with 6.2. Please reopen if you find the problem again.