Issue #1895: ldap_group_object_class escaped asterisk - sssd

SSSD / sssd

#1895 ldap_group_object_class escaped asterisk

Closed: Duplicate None Opened 10 years ago by aigoshin.

i am trying to specify asterisk(*) as a value for ldap_group_object_class but sssd escapes this symbol as \2a.

jhrozek commented 10 years ago

That's by desing, we don't really support saying "any" with the OC parameter.

What usecase are you trying to solve? Maybe we could help you find some better solution.

aigoshin commented 10 years ago

we use ldap sever (neither openldap nor AD) with a schema not fully
corresponding to the one supported in sssd.

an account is described as uid=$user,cn=domain (objectclass=myUser).
it contains uidNumber and gidNumber and other attributes.

a group is described as uid=$group,cn=domain (objectclass=myGroup).
it contains gidNumber and other attributes.

to fully use posix acl in modern linux private user group should be
created. usually its name should be equal to the user name.

we want sssd to get name of private user group as user account name.
in other words to search groups using
objectclass=myUser OR objectclass=myGroup :

[(&(uid=groupname)(objectclass=)(uid=)(&(gidNumber=*)(!(gidNumber=0))))][cn=domain]

_comment0: we use ldap sever (neither openldap nor AD) with a schema not fully
corresponding to the one supported in sssd.

an account is described as uid=$user,cn=domain (objectclass=myUser).
it contains uidNumber and gidNumber and other attributes.

a group is described as uid=$group,cn=domain (objectclass=myGroup).
it contains gidNumber and other attributes.

to fully use posix acl in modern linux private user group should be
created. usually its name should be equal to the user name.

we want sssd to get name of private user group as user account name.
in other words to search groups using
objectclass=myUser OR objectclass=myGroup :

[(&(uid=username)(objectclass=)(uid=)(&(gidNumber=*)(!(gidNumber=0))))][cn=domain]
=> 1366892708760973

dpal commented 10 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12 beta
rhbz: => todo

jhrozek commented 8 years ago

Fields changed

changelog: =>
mark: => 0
priority: major => trivial
sensitive: => 0

jhrozek commented 8 years ago

User private groups are tracked in #1872, closing as a duplicate

resolution: => duplicate
status: new => closed

jhrozek commented 7 years ago

Fields changed

rhbz: todo => 0

Metadata Update from @aigoshin:
- Issue set to the milestone: SSSD 1.14 beta

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2937

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

trivial

Milestone

SSSD 1.14 beta

type

defect

component

SSSD

version

1.9.4

selected

None

testsupdated

patch

rhbz

design_review

review

changelog

None

keywords

None

coverity

None

mark

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#1895 ldap_group_object_class escaped asterisk Closed: Duplicate None Opened 10 years ago by aigoshin.

Metadata

#1895 ldap_group_object_class escaped asterisk

Closed: Duplicate None Opened 10 years ago by aigoshin.