#1880 Simple access control always denies uppercased users in case insensitive domain
Closed: Fixed None Opened 8 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 950874

Description of problem:
Simple access control always denies uppercased users in case insensitive domain

Version-Release number of selected component (if applicable):
1.9.2-82.4.el6_4

How reproducible:
Always

Steps to Reproduce:
1. On ldap server, the user and group is added as follows:
- On ldap server, the user and group is saved as:
# ldapsearch -x -LLL -b "dc=example,dc=com" uid=User_CS1
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
userPassword:: U2VjcmV0MTIz
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560

# ldapsearch -x -LLL -b "dc=example,dc=com" cn=User_CS1_grp1
dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: User_CS1
cn: User_CS1_grp1_Alias
cn: User_CS1_grp1
gidNumber: 304560


2. The domain section of sssd.conf has:
[domain/LDAP]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://ldapserver.example.com
ldap_search_base = dc=example,dc=com
case_sensitive = false
access_provider = simple
simple_deny_groups = user_cs1_grp1
ldap_tls_cacert = /etc/openldap/certs/cacert.pem

3. Try to login as the user:
# ssh -l User_CS1 localhost
User_CS1@localhost's password:
Connection closed by ::1


Actual results:
Login fails.
Domain log always shows:
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [sysdb_search_user_by_name]
(0x0400): No such entry
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_check_get_groups_send]
(0x0080): No such user user_cs1
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_access_check_recv]
(0x1000): Access not granted

Expected results:
Login should succeed.

Additional info:
This was working fine before the Z-Stream upgrade.

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
priority: major => blocker
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2922

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata