Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 600352 - Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search_ext to fail.
Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Stephen Gallagher
Chandrasekar Kannan
Depends On:
Blocks: 579775
  Show dependency treegraph
Reported: 2010-06-04 10:24 EDT by Gowrishankar Rajaiyan
Modified: 2015-01-04 18:42 EST (History)
3 users (show)

See Also:
Fixed In Version: sssd-1.2.0-14.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-11-10 16:39:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
sssd.conf (625 bytes, text/plain)
2010-06-04 10:24 EDT, Gowrishankar Rajaiyan
no flags Details

  None (edit)
Description Gowrishankar Rajaiyan 2010-06-04 10:24:34 EDT
Created attachment 421239 [details]

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure sssd.conf for native ldap domain.
2. Add ldap_access_filter = (&(uidNumber>=1069)(uidNumber<=1071))
3. Clear cache and restart sssd service.
4. Auth with user "auser1" having uidNumber as 1070.
Actual results:
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_dn_done] (6): Checking filter against LDAP
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=auser1)(objectclass=posixAccount)(((uidNumber>1069)(uidNumber<1071))))][uid=auser1,ou=People,dc=example,dc=com].
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_access_done] (1): sdap_get_generic_send() returned error [5][Input/output error](Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_done] (1): Error retrieving access check result.
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)]

Expected results:
Authentication should succeed and it should be safe to wrap the access filter in parentheses.

Additional info:
Comment 3 Gowrishankar Rajaiyan 2010-07-27 04:28:14 EDT
Verified ldap_access_filter wrapped with parentheses i.e., ldap_access_filter = (&(uidNumber>=1002)(uidNumber<=1003)) and without parentheses i.e., ldap_access_filter = &(uidNumber>=1002)(uidNumber<=1003).

Version: sssd-1.2.1-21.el6.
Comment 4 releng-rhel@redhat.com 2010-11-10 16:39:52 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.