I'm trying to craft an ldap search filter for use with
ldap_user_search_base in sssd.conf which is using Actice Directory (AD)
as the back end on CentOS 7 clients
The filter looks for users that are memberOf a particular group -
however, the group name start with a '#' character - i.e. in AD, the
group name is listed as something like '#ABC XYZ'
But when I set ldap_user_search_base to something like:
ldap_user_search_base =
OU=Users,DC=Example,DC=com?subtree?(memberOf=CN=#ABC
XYZ,OU=Groups,DC=Example,DC=com)
then 'getent passwd user' fails to return anything (for 'user' that is
in that group)
However, when using the above syntax with a group name that doesn't
start with a '#' character, then things work as expected
When I use ldapsearch, it reports that the user is a memberOf:
memberOf: CN=\#ABC XYZ,OU=Groups,DC=Example,DC=com
But using the '\' in sssd.conf for the search filter cause sssd to error
with 'Invalid search filter' in the logs
Escaping the Escape ('\\') also gives 'Invalid search filter'
Does anyone know how to 'escape' special characters in search filters in
sssd.conf ?
Thanks
James Pearson
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
