#2172 Enabling ldap_id_mapping doesn't exclude uidNumber in filter
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1037653

Description of problem:
Enabling ldap_id_mapping doesn't exclude uidNumber in filter

Version-Release number of selected component (if applicable):
1.11.2-10

How reproducible:
Always

Steps to Reproduce:
1. sssd.conf domain section:
[domain/ADTEST]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://<ad server>
ldap_id_mapping = true
ldap_schema = ad
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
ldap_default_authtok = XXXXX

2. Lookup an AD user

Actual results:
User lookup fails. Domain log shows:
(Tue Dec  3 16:19:08 2013) [sssd[be[ADTEST]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=user1_dom1)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=example,DC=com]

Expected results:
User lookup should work

Additional info:

Fields changed

design_review: => 0
milestone: NEEDS_TRIAGE => SSSD 1.11.3
review: True => 0
testsupdated: => 0

Fields changed

owner: somebody => lslebodn
status: new => assigned

Fields changed

patch: 0 => 1

Moving tickets that didn't make 1.11.3 to 1.11.4

milestone: SSSD 1.11.3 => SSSD 1.11.4

Fields changed

priority: major => critical

resolution: => fixed
status: assigned => closed

Two additional fixes landed upstream:
- master:
  - 21e7b7d
  - 8c41a21
- sssd-1-11:
  - cb0f731
  - 5a3c166

Fields changed

changelog: => The fix makes it possible to use id_provider=ldap along with id_mapping without specifying the domain SID manually.
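
A log check for the symptom reported in this ticket, as an added example that is not part of the ticket or of SSSD's own code: it reads the [domain/...] sections of an sssd.conf and flags ldap_search_ext lines in the domain log whose filter still names uidNumber although ldap_id_mapping = true. The function names, the regular expressions and the second log line are constructed for illustration.

```python
import configparser
import re
# Constructed inputs modelled on the ticket's sssd.conf and domain log.
SAMPLE_CONF = """\
[domain/ADTEST]
id_provider = ldap
ldap_id_mapping = true
ldap_schema = ad
"""
SAMPLE_LOG = (
    "(Tue Dec  3 16:19:08 2013) [sssd[be[ADTEST]]] [sdap_get_generic_ext_step] "
    "(0x0400): calling ldap_search_ext with [(&(sAMAccountName=user1_dom1)"
    "(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))]"
    "[DC=example,DC=com]\n"
    # Constructed contrast line: the same search without the uidNumber clause.
    "(Tue Dec  3 16:25:41 2013) [sssd[be[ADTEST]]] [sdap_get_generic_ext_step] "
    "(0x0400): calling ldap_search_ext with [(&(sAMAccountName=user1_dom1)"
    "(objectclass=user)(sAMAccountName=*))][DC=example,DC=com]\n"
)

SEARCH_RE = re.compile(
    r"\[sssd\[be\[(?P<domain>[^\]]+)\]\]\].*?"
    r"calling ldap_search_ext with \[(?P<filter>\(.*\))\]\[(?P<base>[^\]]*)\]"
)
ATTR_RE = re.compile(r"\(([A-Za-z][\w;.-]*)(?:=|~=|>=|<=)")  # attribute of each filter item

def id_mapping_domains(conf_text):
    """Names of [domain/...] sections that set ldap_id_mapping = true."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return {s.split("/", 1)[1] for s in cp.sections()
            if s.startswith("domain/")
            and cp.getboolean(s, "ldap_id_mapping", fallback=False)}

def find_posix_id_filters(conf_text, log_text, posix_attrs=("uidNumber",)):
    """(domain, filter) pairs where an ID-mapping domain still filters on a POSIX ID."""
    mapped = id_mapping_domains(conf_text)
    wanted = {a.lower() for a in posix_attrs}
    hits = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m and m["domain"] in mapped:
            attrs = {a.lower() for a in ATTR_RE.findall(m["filter"])}
            if attrs & wanted:
                hits.append((m["domain"], m["filter"]))
    return hits
if __name__ == "__main__":
    for domain, ldap_filter in find_posix_id_filters(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{domain}: id mapping enabled but filter requires uidNumber: {ldap_filter}")
```

The search lines only appear in the domain log at a debug_level that includes 0x0400, as in the ticket's configuration.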

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.4

2 years ago
