Bug 658309 - Managed Entries plugin appears not to be escaping $$ correctly
Summary: Managed Entries plugin appears not to be escaping $$ correctly
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.7
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Amita Sharma
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 389_1.2.7 639035
TreeView+ depends on / blocked
 
Reported: 2010-11-29 23:32 UTC by Jr Aquino
Modified: 2015-12-07 17:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 17:07:08 UTC


Attachments (Terms of Use)
Patch (4.42 KB, patch)
2010-12-02 18:29 UTC, Nathan Kinder
nkinder: review?
rmeggins: review+
Details | Diff
SS (23.62 KB, image/png)
2011-07-11 08:50 UTC, Amita Sharma
no flags Details

Description Jr Aquino 2010-11-29 23:32:20 UTC
Description of problem:
When trying to configure a new Managed Entry for FreeIPA, I created a mapping for: 
mepMappedAttr: cn: $$cn

I was told that this is incorrect and should be reviewed as a bug.

/usr/share/ipa/user_private_groups.ldif contains this syntax for FreeIPA

Version-Release number of selected component (if applicable):


How reproducible:
View: /usr/share/ipa/user_private_groups.ldif

Steps to Reproduce:
1. remove one of the $ from: install/share/user_private_groups.ldif
2. install FreeIPA
  
Actual results:
Installer bails out.

Expected results:
Installer continues successfully.

Additional info:

Comment 1 Nathan Kinder 2010-11-30 21:07:17 UTC
After discussing this issue with Rob, we found that the issue is a bit different than initially described.  FreeIPA uses user_private_groups.ldif as a template, so it is not creating the Managed Entry template with "$$" in it.  This will be a single "$" by the time it is added to 389 DS.

I ran a test against 389 DS to see if we are handling an escaped "$" character in a mapped attribute value, and we do have a problem.  We do recognize that "$$" is not a macro, but is an escaped "$" character, but we fail to remove the escape from the resulting value.  Here is an example:

Template:
---------

dn: cn=UPG Template,dc=example,dc=com
objectClass: mepTemplateEntry
objectClass: top
cn: UPG Template
mepRDNAttr: cn
mepStaticAttr: objectclass: posixGroup
mepMappedAttr: cn: $uid
mepMappedAttr: gidNumber: $gidNumber
mepMappedAttr: description: User private group $$ for $uid

Resulting Managed Entry:
------------------------

dn: cn=tuser1,dc=example,dc=com
objectClass: posixGroup
objectClass: mepManagedEntry
objectClass: top
cn: tuser1
gidNumber: 500
description: User private group $$ for tuser1
mepManagedBy: uid=tuser1,dc=example,dc=com

The description attribute should be "User private group $ for tuser1", but we are leaving the escape character in the value.

Comment 2 Nathan Kinder 2010-12-02 18:29:30 UTC
Created attachment 464324 [details]
Patch

Comment 3 Nathan Kinder 2010-12-02 18:56:34 UTC
Patch pushed to master.  Thanks to Rich for his review!

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.39 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   cf96e0a..2801442  master -> master

Comment 6 Amita Sharma 2011-07-11 08:50:22 UTC
Created attachment 512154 [details]
SS

[root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=UPG Template,dc=example,dc=com
objectClass: mepTemplateEntry
objectClass: top
cn: UPG Template
mepRDNAttr: cn
mepStaticAttr: objectclass: posixGroup
mepMappedAttr: cn: \$uid
mepMappedAttr: gidNumber: \$gidNumber
mepMappedAttr: description: User private group \$$ for \$uid
EOF
adding new entry "cn=UPG Template,dc=example,dc=com"

[root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
> objectclass: extensibleObject
> cn: UPG Definition
> originScope: cn=users,dc=example,dc=com
> originFilter: objectclass=posixAccount
> managedBase: cn=groups,dc=example,dc=com
> managedTemplate: cn=UPG Template,dc=example,dc=com
> EOF
adding new entry "cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config"

PFA for the description attribute value is as expected.


Note You need to log in before you can comment on or make changes to this bug.