https://bugzilla.redhat.com/show_bug.cgi?id=740854
Description of problem: Version-Release number of selected component (if applicable): ipa-server-2.1.1-4.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. [root@kungfupanda ~]# ipa sudorule-add-host Rule name: rule* [member host]: cavenger.lab.eng.pnq.redhat.com [member host group]: ipa: ERROR: rule*: sudo rule not found [root@kungfupanda ~]# 2. However, while performing the same test on hbacrule we see different error message. Actual results: [root@kungfupanda ~]# ipa hbacrule-add-host Rule name: rule* [member host]: cavenger.lab.eng.pnq.redhat.com [member host group]: ipa: ERROR: no such entry [root@kungfupanda ~]# Expected results: Should be consistent. [root@kungfupanda ~]# ipa hbacrule-add-host Rule name: rule* [member host]: cavenger.lab.eng.pnq.redhat.com [member host group]: ipa: ERROR: rule*: hbac rule not found [root@kungfupanda ~]# Additional info:
We should be escaping values before passing them to search.
We may want to limit some special characters in names otherwise (this would affect a LOT of names, may have to be done in Str parameter).
I checked our search methods in ldap.py and IIUC, escaping values should not be necessary. We already do normalization for base_dn passed to ldap2.find_entries and filter should be covered too.
master: 43c968f[[BR]] ipa-2-1: c0f3c31
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
Login to comment on this ticket.