#1880 Simple access control always denies uppercased users in case insensitive domain
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 950874

Description of problem:
Simple access control always denies uppercased users in case insensitive domain

Version-Release number of selected component (if applicable):
1.9.2-82.4.el6_4

How reproducible:
Always

Steps to Reproduce:
1. On ldap server, the user and group is added as follows:
- On ldap server, the user and group is saved as:
# ldapsearch -x -LLL -b "dc=example,dc=com" uid=User_CS1
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
userPassword:: U2VjcmV0MTIz
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560

# ldapsearch -x -LLL -b "dc=example,dc=com" cn=User_CS1_grp1
dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: User_CS1
cn: User_CS1_grp1_Alias
cn: User_CS1_grp1
gidNumber: 304560


2. The domain section of sssd.conf has:
[domain/LDAP]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://ldapserver.example.com
ldap_search_base = dc=example,dc=com
case_sensitive = false
access_provider = simple
simple_deny_groups = user_cs1_grp1
ldap_tls_cacert = /etc/openldap/certs/cacert.pem

3. Try to login as the user:
# ssh -l User_CS1 localhost
User_CS1@localhost's password:
Connection closed by ::1


Actual results:
Login fails.
Domain log always shows:
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [sysdb_search_user_by_name]
(0x0400): No such entry
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_check_get_groups_send]
(0x0080): No such user user_cs1
(Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_access_check_recv]
(0x1000): Access not granted

Expected results:
Login should succeed.

Additional info:
This was working fine before the Z-Stream upgrade.

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
priority: major => blocker
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.5

2 years ago

Login to comment on this ticket.

Metadata