#2172 Enabling ldap_id_mapping doesn't exclude uidNumber in filter
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1037653

Description of problem:
Enabling ldap_id_mapping doesn't exclude uidNumber in filter

Version-Release number of selected component (if applicable):
1.11.2-10

How reproducible:
Always

Steps to Reproduce:
1. sssd.conf domain section:
[domain/ADTEST]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://<ad server>
ldap_id_mapping = true
ldap_schema = ad
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
ldap_default_authtok = XXXXX

2. Lookup an AD user

Actual results:
User lookup fails. Domain log shows:
(Tue Dec  3 16:19:08 2013) [sssd[be[ADTEST]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccou
ntName=user1_dom1)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumb
er=0))))][DC=example,DC=com]

Expected results:
User lookup should work

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.3
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

owner: somebody => lslebodn
status: new => assigned

Fields changed

patch: 0 => 1

Moving tickets that didn't make 1.11.3 to 1.11.4

milestone: SSSD 1.11.3 => SSSD 1.11.4

Fields changed

priority: major => critical

resolution: => fixed
status: assigned => closed

Two additional fixes landed upstream:
- master:
- 21e7b7d
- 8c41a21
- sssd-1-11:
- cb0f731
- 5a3c166

Fields changed

changelog: => The fix makes it possible to use id_provider=ldap along with id_mapping without specifying the domain SID manually.

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3214

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata