#3491 pysss_nss_idmap: py3 constants defined as strings or bytes
Closed: Fixed 2 years ago Opened 2 years ago by frenaud.

Using python3-libsss_nss_idmap 1.15.3-1.fc26 from copr freeipa/freeipa-master

pysss_nss_idmap.SID_KEY, pysss_nss_idmap.TYPE_KEY and pysss_nss_idmap.NAME_KEY are defined as strings ('sid', 'type' and 'name') but cannot be used as keys in the results returned by pysss_nss_idmap.getsidbyname or pysss_nss_idmap.getnamebysid.

For instance, the output of getnamebysid looks like: {b'name': 'userlogin@domain.com', b'type': 3}
and result.get(pysss_nss_idmap.TYPE_KEY) or result.get(pysss_nss_idmap.NAME_KEY) fail.

The output of getsidbyname looks like: {'userlogin@domain.com': {b'sid': 'S-1-5-21-4185955025-1922848022-3738247038-1116', b'type': 3}}.

There is a mismatch between the constant types and the key types.

In order to reproduce the issue:
install ipa server, create a winsync replication agreement, then add a trust to AD and use ipa-winsync-migrate with python3 -bbE. The tool displays for each user entry to migrate:
Migration failed: userlogin@domain.com (Comparison between bytes and string)


I've provided a simple test build for flo and I'll assign the bug to myself and propose a proper fix in case my test build works for her.

Otherwise, someone else can feel free to take it over (as the solution wasn't as simple as I thought) :-)

Metadata Update from @fidencio:
- Issue assigned to fidencio

2 years ago

@frenaud Can you help me with assessing the impact? Is this something to backport to RHEL before the next release in an asynchronous update?

Metadata Update from @fidencio:
- Custom field patch adjusted to on

2 years ago

Metadata Update from @jhrozek:
- Issue tagged with: PR

2 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.15.4
- Issue status updated to: Closed (was: Open)

2 years ago

@frenaud Can you help me with assessing the impact? Is this something to backport to RHEL before the next release in an asynchronous update?

rhel does not have python3-libipa_hbac

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)

2 years ago

Login to comment on this ticket.

Metadata