Bug 600352 – Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search_ext to fail.

Bug 600352 - Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search_ext to fail.

Summary:	Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search...

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd (Show other bugs)
Sub Component:
Version:	6.0
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Stephen Gallagher
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	579775
	Show dependency tree / graph

Reported:	2010-06-04 10:24 EDT by Gowrishankar Rajaiyan
Modified:	2015-01-04 18:42 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	sssd-1.2.0-14.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-11-10 16:39:52 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
sssd.conf (625 bytes, text/plain) 2010-06-04 10:24 EDT, Gowrishankar Rajaiyan	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Gowrishankar Rajaiyan 2010-06-04 10:24:34 EDT

Created attachment 421239 [details]
sssd.conf

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.2.0-12.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd.conf for native ldap domain.
2. Add ldap_access_filter = (&(uidNumber>=1069)(uidNumber<=1071))
3. Clear cache and restart sssd service.
4. Auth with user "auser1" having uidNumber as 1070.
  
Actual results:
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_dn_done] (6): Checking filter against LDAP
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=auser1)(objectclass=posixAccount)(((uidNumber>1069)(uidNumber<1071))))][uid=auser1,ou=People,dc=example,dc=com].
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_access_done] (1): sdap_get_generic_send() returned error [5][Input/output error](Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_done] (1): Error retrieving access check result.
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)]


Expected results:
Authentication should succeed and it should be safe to wrap the access filter in parentheses.

Additional info:

Comment 3 Gowrishankar Rajaiyan 2010-07-27 04:28:14 EDT

Verified ldap_access_filter wrapped with parentheses i.e., ldap_access_filter = (&(uidNumber>=1002)(uidNumber<=1003)) and without parentheses i.e., ldap_access_filter = &(uidNumber>=1002)(uidNumber<=1003).

Version: sssd-1.2.1-21.el6.

Comment 4 releng-rhel@redhat.com 2010-11-10 16:39:52 EST

Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.