Description of problem: Something a bit hinky going on... First I thought you couldn't create groups with spaces in their name, because it was returning a "Group show failed: <group>%20<name> not found" error. As it turns out, it did create the group, and if you go into Find Group, you can find and display the group ok. If you add members to the group, you get the same error message when you click "update", but again, if you go back and display the group, you see all the members that you added. Version-Release number of selected component (if applicable): 1.0 beta How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Added to Release Notes.
Unix group names are limited to the regex [a-z_][a-z0-9_-]*[$] by shadow-utils. It also imposes a 16-character maximum due to HP/ux 10. Unfortunately the library that shadow-utils uses to do the enforcement is linked statically against all the utilities (groupadd, etc). So we can't tie directly into it and will have to duplicate it. I think that for IPA v1 we'll need to at least enforce the same rules that group utilities do and perhaps do something a bit more graceful later. Samba does a mapping of unix <-> Windows group names, as defined at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
Fedora patches it to be this: + * User/group names must match gnu e-regex: + * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? + * + * as a non-POSIX, extension, allow "$" as the last char for + * sake of Samba 3.x "add machine script"
Created attachment 313561 [details] Use same regex as shadow-utils
Created attachment 313645 [details] Re-based patch to use same regex as shadow-utils and change validation to be more obvious
master: 110f60da8e8cbf2b83f66b4959857dc62b407f06 In effect we are not support spaces in group names currently. Once AD integration is done some mapping will be needed but that will be done via a separate mechanism.
This also looks like FAQ material. Yes, it's in the relnotes but I think once it's established the FAQ will get more hits than the relnotes. I can summarize what I find in this bug report and the relnotes and make an FAQ entry if ppl are agreeable.
A couple of minor fixes. master: a013fe5cc23a88520cdffc779d013b8e5407cf81
Fix verified: Can not create group with spaces in the name. [root@jennyv3 /]# ipa-addgroup "group spaces" Group name may only include letters, numbers, _, -, . and $ [root@jennyv3 /]# ipa-findgroup "group spaces" 8 entries were found. Which one would you like to display? 1: admins 2: ipausers 3: top 4: sub1 5: sub2 6: access 7: test 8: mygroup Choose one: (1 - 8), 0 for all, q to quit: q