Description of problem:
When trying to configure a new Managed Entry for FreeIPA, I created a mapping for:

mepMappedAttr: cn: $$cn

I was told that this is incorrect and should be reviewed as a bug. /usr/share/ipa/user_private_groups.ldif contains this syntax for FreeIPA

Version-Release number of selected component (if applicable):

How reproducible:
View: /usr/share/ipa/user_private_groups.ldif

Steps to Reproduce:
1. remove one of the $ from: install/share/user_private_groups.ldif
2. install FreeIPA

Actual results:
Installer bails out.

Expected results:
Installer continues successfully.

Additional info:
After discussing this issue with Rob, we found that the issue is a bit different than initially described. FreeIPA uses user_private_groups.ldif as a template, so it is not creating the Managed Entry template with "$$" in it. This will be a single "$" by the time it is added to 389 DS.

I ran a test against 389 DS to see if we are handling an escaped "$" character in a mapped attribute value, and we do have a problem. We do recognize that "$$" is not a macro, but is an escaped "$" character, but we fail to remove the escape from the resulting value. Here is an example:

Template:
---------
dn: cn=UPG Template,dc=example,dc=com
objectClass: mepTemplateEntry
objectClass: top
cn: UPG Template
mepRDNAttr: cn
mepStaticAttr: objectclass: posixGroup
mepMappedAttr: cn: $uid
mepMappedAttr: gidNumber: $gidNumber
mepMappedAttr: description: User private group $$ for $uid

Resulting Managed Entry:
------------------------
dn: cn=tuser1,dc=example,dc=com
objectClass: posixGroup
objectClass: mepManagedEntry
objectClass: top
cn: tuser1
gidNumber: 500
description: User private group $$ for tuser1
mepManagedBy: uid=tuser1,dc=example,dc=com

The description attribute should be "User private group $ for tuser1", but we are leaving the escape character in the value.
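The escape handling described in the comment above, as an added example that is not part of the bug report and is not the 389 DS plugin code. It is a simplified Python model: the function name, the unescape switch, the ORIGIN entry and the choice to reject a stray "$" are assumptions made for illustration.

```python
import re

# Simplified model of mepMappedAttr value expansion. Assumption: only the
# "$attr" macro and the "$$" escape seen in this report are handled.
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# Constructed origin entry matching the tuser1 example (keys lowercased,
# since LDAP attribute names are case-insensitive).
ORIGIN = {"uid": ["tuser1"], "gidnumber": ["500"]}


def expand_mapped_value(template, origin, unescape=True):
    """Expand $attr macros from the origin entry.

    unescape=False models the reported behaviour: "$$" is recognised as an
    escape (not a macro) but copied through unchanged.
    unescape=True models the expected behaviour: "$$" becomes one "$".
    """
    out = []
    i = 0
    while i < len(template):
        if template[i] != "$":
            out.append(template[i])
            i += 1
        elif template.startswith("$$", i):
            # Escaped dollar: consume both characters so the text after it
            # is never read as a macro name.
            out.append("$" if unescape else "$$")
            i += 2
        else:
            m = ATTR_NAME.match(template, i + 1)
            if m is None:
                # Choice made for this example: a stray "$" is an error.
                raise ValueError(f"stray '$' at offset {i} in {template!r}")
            values = origin.get(m.group(0).lower())
            if not values:
                raise KeyError(f"origin entry has no attribute {m.group(0)!r}")
            out.append(values[0])
            i = m.end()
    return "".join(out)


if __name__ == "__main__":
    tmpl = "User private group $$ for $uid"
    print(expand_mapped_value(tmpl, ORIGIN, unescape=False))  # reported
    print(expand_mapped_value(tmpl, ORIGIN))                  # expected
    print(expand_mapped_value("$$uid", ORIGIN))               # stays literal
```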
Created attachment 464324 [details] Patch
Patch pushed to master. Thanks to Rich for his review!

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.39 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   cf96e0a..2801442  master -> master
Created attachment 512154 [details] SS

[root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=UPG Template,dc=example,dc=com
objectClass: mepTemplateEntry
objectClass: top
cn: UPG Template
mepRDNAttr: cn
mepStaticAttr: objectclass: posixGroup
mepMappedAttr: cn: \$uid
mepMappedAttr: gidNumber: \$gidNumber
mepMappedAttr: description: User private group \$$ for \$uid
EOF
adding new entry "cn=UPG Template,dc=example,dc=com"

[root@rhel61 /]# ldapadd -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
> objectclass: extensibleObject
> cn: UPG Definition
> originScope: cn=users,dc=example,dc=com
> originFilter: objectclass=posixAccount
> managedBase: cn=groups,dc=example,dc=com
> managedTemplate: cn=UPG Template,dc=example,dc=com
> EOF
adding new entry "cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config"

PFA for the description attribute value is as expected.