Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 950874
Description of problem: Simple access control always denies uppercased users in case insensitive domain Version-Release number of selected component (if applicable): 1.9.2-82.4.el6_4 How reproducible: Always Steps to Reproduce: 1. On ldap server, the user and group is added as follows: - On ldap server, the user and group is saved as: # ldapsearch -x -LLL -b "dc=example,dc=com" uid=User_CS1 dn: uid=User_CS1,ou=Users,dc=example,dc=com objectClass: posixAccount objectClass: account cn: User_CS1 homeDirectory: /home/User_CS1 userPassword:: U2VjcmV0MTIz uid: User_CS1_Alias uid: User_CS1 uidNumber: 304560 gidNumber: 304560 # ldapsearch -x -LLL -b "dc=example,dc=com" cn=User_CS1_grp1 dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com objectClass: posixGroup memberUid: User_CS1 cn: User_CS1_grp1_Alias cn: User_CS1_grp1 gidNumber: 304560 2. The domain section of sssd.conf has: [domain/LDAP] debug_level = 0xFFF0 id_provider = ldap ldap_uri = ldap://ldapserver.example.com ldap_search_base = dc=example,dc=com case_sensitive = false access_provider = simple simple_deny_groups = user_cs1_grp1 ldap_tls_cacert = /etc/openldap/certs/cacert.pem 3. Try to login as the user: # ssh -l User_CS1 localhost User_CS1@localhost's password: Connection closed by ::1 Actual results: Login fails. Domain log always shows: (Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [sysdb_search_user_by_name] (0x0400): No such entry (Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_check_get_groups_send] (0x0080): No such user user_cs1 (Thu Apr 11 00:44:12 2013) [sssd[be[LDAP]]] [simple_access_check_recv] (0x1000): Access not granted Expected results: Login should succeed. Additional info: This was working fine before the Z-Stream upgrade.
Fields changed
blockedby: => blocking: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => owner: somebody => jhrozek priority: major => blocker review: True => 0 selected: => status: new => assigned testsupdated: => 0
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.9.5
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2922
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.