Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 950874
Description of problem:
Simple access control always denies uppercased users in case insensitive domain
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. On ldap server, the user and group is added as follows:
- On ldap server, the user and group is saved as:
# ldapsearch -x -LLL -b "dc=example,dc=com" uid=User_CS1
# ldapsearch -x -LLL -b "dc=example,dc=com" cn=User_CS1_grp1
2. The domain section of sssd.conf has:
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://ldapserver.example.com
ldap_search_base = dc=example,dc=com
case_sensitive = false
access_provider = simple
simple_deny_groups = user_cs1_grp1
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
3. Try to login as the user:
# ssh -l User_CS1 localhost
Connection closed by ::1
Domain log always shows:
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [sysdb_search_user_by_name]
(0x0400): No such entry
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_check_get_groups_send]
(0x0080): No such user user_cs1
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_access_check_recv]
(0x1000): Access not granted
Login should succeed.
This was working fine before the Z-Stream upgrade.
design_review: => 0
owner: somebody => jhrozek
priority: major => blocker
review: True => 0
status: new => assigned
testsupdated: => 0
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.9.5
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.