Sections of the FreeIPA framework are not escaping special LDAP characters in the DN and in the search filter.
To test:
Create a sudo command: "/usr/sbin/less /etc/*"
Then
ipa sudocmd-find --all
Check /var/log/dirsrv-slapd-EXAMPLE-COM/access and verify you see the * character in the search filter.
http://www.python-ldap.org/doc/html/ldap-filter.html
http://www.python-ldap.org/doc/html/ldap-dn.html
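The two kinds of escaping the ticket asks for, as an added example that is not part of the ticket or the FreeIPA patch: a stdlib-only sketch of RFC 4515 filter escaping and RFC 4514 DN value escaping, applied to the sudo command from the test steps. The attribute name `sudocmd`, the `member` filter and the container DN are assumptions made for illustration.

```python
# Added example, stdlib only. python-ldap provides equivalents as
# ldap.filter.escape_filter_chars() and ldap.dn.escape_dn_chars().

def escape_filter_value(value: str) -> str:
    """RFC 4515: replace NUL, '(', ')', '*' and '\\' with backslash + 2 hex digits."""
    return "".join("\\%02x" % ord(c) if c in "\x00()*\\" else c for c in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514: backslash-escape characters that are special inside an RDN value."""
    out = []
    last = len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '\\,+"<>;=' or (c == "#" and i == 0) or (c == " " and i in (0, last)):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)


def make_dn(rdn_attr: str, value: str, container: str) -> str:
    """Build '<rdn_attr>=<escaped value>,<container>'."""
    return "%s=%s,%s" % (rdn_attr, escape_dn_value(value), container)


def equality_filter(attr: str, value: str) -> str:
    """Build '(attr=value)' so that value can only match literally."""
    return "(%s=%s)" % (attr, escape_filter_value(value))


# Assumed container DN for illustration; the command string is the one from the ticket.
CONTAINER = "cn=sudocmds,cn=sudo,dc=example,dc=com"
CMD = "/usr/sbin/less /etc/*"

if __name__ == "__main__":
    print("unescaped:", "(sudocmd=%s)" % CMD)  # '*' is parsed as a substring wildcard
    print("escaped:  ", equality_filter("sudocmd", CMD))
    # A DN used as a filter value needs both layers: DN escaping, then filter escaping.
    dn = make_dn("sudocmd", "less a,b (*)", CONTAINER)  # constructed sample value
    print("dn:       ", dn)
    print("member:   ", equality_filter("member", dn))
```

With escaping applied, the access log entry for the search shows `\2a` in the filter instead of a bare `*`.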
attachment freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch
commit 463d7d2
Author: Jr Aquino jr.aquino@citrix.com
Date: Wed Mar 30 15:14:57 2011 -0700

Escape LDAP characters in member and memberof searches
https://fedorahosted.org/freeipa/ticket/1140
Metadata Update from @jraquino:
- Issue assigned to jraquino
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01