Group enumeration does not work if group name contains '#' #7876

Closed
thalman opened this issue Mar 13, 2025 · 2 comments
Labels: Bugzilla, Closed: Fixed (Issue was closed as fixed.)

@thalman
Contributor

thalman commented Mar 13, 2025

Steps to reproduce

  • Set up system with sssd to fetch data from LDAP server
  • Set 'enumerate=true' in sssd.conf file
  • Configure a group in LDAP server with # character in group-name (at the second to last position)
  • Check if 'getent group' & 'getent group -s sss' shows any LDAP group. It only shows LOCAL groups
thalman added a commit to thalman/sssd that referenced this issue Mar 13, 2025
This patch fixes enumeration when DN in LDAP server
contains special characters.

The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized.

Resolves: SSSD#7876
thalman added a commit to thalman/sssd that referenced this issue Mar 13, 2025
This patch fixes enumeration when DN in LDAP server
contains special characters.

The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized into '\5c#'
before they are used for searching.

Resolves: SSSD#7876
thalman added a commit to thalman/sssd that referenced this issue Mar 18, 2025
This patch fixes enumeration when DN in LDAP server
contains special characters.

The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized into '\5c#'
before they are used for searching.

Resolves: SSSD#7876
@alexey-tikhonov
Member

Pushed PR: #7877

  • master
    • 158b4cd - Enumerate object with escaped characters in name
    • 4cb6593 - test: enumeration with # in the group name

@alexey-tikhonov alexey-tikhonov added the Closed: Fixed Issue was closed as fixed. label Mar 24, 2025
thalman added a commit to thalman/sssd that referenced this issue Mar 25, 2025
This patch fixes enumeration when DN in LDAP server
contains special characters.

The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized into '\5c#'
before they are used for searching.

Resolves: SSSD#7876

Reviewed-by: Alejandro López <[email protected]>
Reviewed-by: Dan Lavu <[email protected]>
(cherry picked from commit 158b4cd)
alexey-tikhonov pushed a commit that referenced this issue Mar 26, 2025
This patch fixes enumeration when DN in LDAP server
contains special characters.

The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized into '\5c#'
before they are used for searching.

Resolves: #7876

Reviewed-by: Alejandro López <[email protected]>
Reviewed-by: Dan Lavu <[email protected]>
(cherry picked from commit 158b4cd)

Reviewed-by: Alejandro López <[email protected]>
@alexey-tikhonov
Member

Pushed PR: #7893

  • sssd-2-9
    • 116d622 - Enumerate object with escaped characters in name
    • 53365dc - test: enumeration with # in the group name
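
The sanitization the commit messages above describe, as an added example that is not SSSD's own code: a backslash that is not followed by two hex digits is rewritten as `\5c` before the string goes into an ldb search filter. The function name `escape_stray_backslashes`, the sample DN, and the choice to pass existing `\XX` sequences through unchanged are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not SSSD's function). Returns a malloc'd copy of
 * `in` in which every '\' NOT followed by two hex digits becomes "\5c",
 * so a filter parser that requires "\XX" accepts it.
 * Assumption: "\XX" sequences already present are valid escapes and are
 * copied unchanged. Caller frees the result; NULL on bad input or OOM. */
char *escape_stray_backslashes(const char *in)
{
    size_t len, i, o = 0;
    char *out;

    if (in == NULL) return NULL;
    len = strlen(in);
    /* Worst case: every byte is a stray '\' and grows to three bytes. */
    out = malloc(len * 3 + 1);
    if (out == NULL) return NULL;

    for (i = 0; i < len; i++) {
        /* The terminating NUL is not a hex digit, so the short-circuit
         * below never reads past the end of the input. */
        if (in[i] == '\\'
            && !(isxdigit((unsigned char)in[i + 1])
                 && isxdigit((unsigned char)in[i + 2]))) {
            memcpy(out + o, "\\5c", 3);
            o += 3;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a group DN whose RDN value contains '#'. */
    const char *dn = "cn=dev\\#1,ou=groups,dc=example,dc=com";
    char *safe = escape_stray_backslashes(dn);

    if (safe == NULL) return 1;
    printf("%s\n%s\n", dn, safe);
    free(safe);
    return 0;
}
```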
