Hide Forgot
1. Proposed title of this feature request Search filter should not be applied to automountmaps. 2. Who is the customer behind the request? Account: GOLDMAN SACHS #62816 TAM customer: no SRM customer: no Strategic: yes 3. What is the nature and description of the request? Search filter should not be applied to automountmaps. They are global (e.g.: 'auto.home') 4. Why does the customer need this? (List the business requirements here) From customers comments: The ldap search filter should not be applied to map entries, but SSSD does apply the filter!. E.g.: There is no benefit to limit maps like 'auto.home'. Search filter should not be applied to automountmaps. They are global (e.g.: 'auto.home') Filter is applied to automountmap. I am forced to apply "global" value to each automountmap to get over this behavior. SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName" SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1 5. How would the customer like to achieve this? (List the functional requirements here) N/A 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. N/A 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? N/A 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? Soon as possible 9. Is the sales team involved in this request and do they have any additional input? N/A 10. List any affected packages or components. sssd-1.14.0-43.el7 11. Would the customer be able to assist in testing this functionality if implemented? N/A
Hmm, I'm sorry, but it's still not completely clear to me what the issue is. The server side LDAP search helps a bit, but I'm having trouble parsing what the myfilterattr subfilters stand for. Could I please see the sssd debug logs with the automounter searches that are performed by SSSD and perhaps also the sssd.conf file to see if some customer search bases or filters are defined there?
From the customer: File: /etc/sssd/sssd.conf ldap_search_base = ou=example,dc=com ldap_autofs_search_base=ou=automount,ou=example,dc=com?subtree?(|(myfilter=global)(myfilter=a6789)(myfilter=myhost.gs.com)) See (below) it is using the same filter as specified in sssd.conf, for "automountmapname = auto.home"!!! This is the issue!!! >>>>> SEARCH REQ conn=359 op=1 msgID=2 base="ou=automount,dc=example,dc=com" scope=wholeSubtree filter="(&(&(automountMapName=auto.home)(objectclass=automountMap))(|(myfilterattr=global)(myfilterattr=a6789)(myfilterattr=myhost.gs.com)))" attrs="objectClass,automountMapName" SEARCH RES conn=359 op=1 msgID=2 result=0 nentries=1 etime=1 >>>>> NOTE: The same filter is applied to a automount object (e.g.: /home/xyz)
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3477
Due to out limited capacity we are closing this RFE.