Hide Forgot
Created attachment 421239 [details] sssd.conf Description of problem: Version-Release number of selected component (if applicable): sssd-1.2.0-12.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure sssd.conf for native ldap domain. 2. Add ldap_access_filter = (&(uidNumber>=1069)(uidNumber<=1071)) 3. Clear cache and restart sssd service. 4. Auth with user "auser1" having uidNumber as 1070. Actual results: (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_dn_done] (6): Checking filter against LDAP (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=auser1)(objectclass=posixAccount)(((uidNumber>1069)(uidNumber<1071))))][uid=auser1,ou=People,dc=example,dc=com]. (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_access_done] (1): sdap_get_generic_send() returned error [5][Input/output error](Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_done] (1): Error retrieving access check result. (Fri Jun 4 18:53:51 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)] Expected results: Authentication should succeed and it should be safe to wrap the access filter in parentheses. Additional info:
Verified ldap_access_filter wrapped with parentheses i.e., ldap_access_filter = (&(uidNumber>=1002)(uidNumber<=1003)) and without parentheses i.e., ldap_access_filter = &(uidNumber>=1002)(uidNumber<=1003). Version: sssd-1.2.1-21.el6.
Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.