Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1399304

Summary: [RFE] sssd - Search filter should not be applied to automountmaps.
Product: Red Hat Enterprise Linux 8 Reporter: Eugene Keck <ekeck>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED WONTFIX QA Contact: Steeve Goveas <sgoveas>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.1CC: grajaiya, jhrozek, mkosek, pbrezina, subu.ayyagari, thalman, tscherf
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.1Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-24 09:45:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1420851    

Description Eugene Keck 2016-11-28 17:48:56 UTC 
1. Proposed title of this feature request
Search filter should not be applied to automountmaps.

2. Who is the customer behind the request?
Account: GOLDMAN SACHS #62816
TAM customer: no
SRM customer: no
Strategic: yes

3. What is the nature and description of the request?
Search filter should not be applied to automountmaps. They are global (e.g.:  'auto.home')

4. Why does the customer need this? (List the business requirements here)
From customers comments:

The ldap search filter should not be applied to map entries, but SSSD does apply the filter!.
E.g.: There is no benefit to limit maps like 'auto.home'.

Search filter should not be applied to automountmaps.
     They are global (e.g.:  'auto.home')

Filter is applied to automountmap. 
I am forced to apply "global" value to each automountmap to get over this behavior.

SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName"
SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1

5. How would the customer like to achieve this? (List the functional requirements here)
N/A

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
N/A

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
N/A

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
Soon as possible

9. Is the sales team involved in this request and do they have any additional input?
N/A

10. List any affected packages or components.
sssd-1.14.0-43.el7

11. Would the customer be able to assist in testing this functionality if implemented?
N/A
Comment 2 Jakub Hrozek 2016-12-08 09:43:19 UTC 
Hmm, I'm sorry, but it's still not completely clear to me what the issue is. 
The server side LDAP search helps a bit, but I'm having trouble parsing what the myfilterattr subfilters stand for.

Could I please see the sssd debug logs with the automounter searches that are performed by SSSD and perhaps also the sssd.conf file to see if some customer search bases or filters are defined there?
Comment 3 Eugene Keck 2016-12-14 14:22:39 UTC 
From the customer:

File: /etc/sssd/sssd.conf
ldap_search_base = ou=example,dc=com
ldap_autofs_search_base=ou=automount,ou=example,dc=com?subtree?(|(myfilter=global)(myfilter=a6789)(myfilter=myhost.gs.com)) 

See (below) it is using the same filter as specified in sssd.conf, for "automountmapname = auto.home"!!!
This is the issue!!!
 
>>>>>
SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName"
SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1
>>>>>

NOTE: The same filter is applied to a automount object (e.g.: /home/xyz)
Comment 5 Jakub Hrozek 2017-08-14 13:20:44 UTC 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3477
Comment 8 Tomas Halman 2020-04-24 09:45:51 UTC 
Due to out limited capacity we are closing this RFE.