Bug 600352 - Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search_ext to fail.
Summary: Wrapping the value for "ldap_access_filter" in parentheses causes ldap_search...
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.0
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 579775
TreeView+ depends on / blocked
Reported: 2010-06-04 14:24 UTC by Gowrishankar Rajaiyan
Modified: 2015-01-04 23:42 UTC (History)
3 users (show)

Clone Of:
Last Closed: 2010-11-10 21:39:52 UTC

Attachments (Terms of Use)
sssd.conf (625 bytes, text/plain)
2010-06-04 14:24 UTC, Gowrishankar Rajaiyan
no flags Details

Description Gowrishankar Rajaiyan 2010-06-04 14:24:34 UTC
Created attachment 421239 [details]

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure sssd.conf for native ldap domain.
2. Add ldap_access_filter = (&(uidNumber>=1069)(uidNumber<=1071))
3. Clear cache and restart sssd service.
4. Auth with user "auser1" having uidNumber as 1070.
Actual results:
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_dn_done] (6): Checking filter against LDAP
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=auser1)(objectclass=posixAccount)(((uidNumber>1069)(uidNumber<1071))))][uid=auser1,ou=People,dc=example,dc=com].
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_get_access_done] (1): sdap_get_generic_send() returned error [5][Input/output error](Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [sdap_access_done] (1): Error retrieving access check result.
(Fri Jun  4 18:53:51 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)]

Expected results:
Authentication should succeed and it should be safe to wrap the access filter in parentheses.

Additional info:

Comment 3 Gowrishankar Rajaiyan 2010-07-27 08:28:14 UTC
Verified ldap_access_filter wrapped with parentheses i.e., ldap_access_filter = (&(uidNumber>=1002)(uidNumber<=1003)) and without parentheses i.e., ldap_access_filter = &(uidNumber>=1002)(uidNumber<=1003).

Version: sssd-1.2.1-21.el6.

Comment 4 releng-rhel@redhat.com 2010-11-10 21:39:52 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.