sssd ldap_user_search_base filters with '#' characters in names




I'm trying to craft an ldap search filter for use with 
ldap_user_search_base in sssd.conf which is using Active Directory (AD) 
as the back end on CentOS 7 clients

The filter looks for users that are memberOf a particular group - 
however, the group name starts with a '#' character - i.e. in AD, the 
group name is listed as something like '#ABC XYZ'

But when I set ldap_user_search_base to something like:

  ldap_user_search_base = OU=Users,DC=Example,DC=com?subtree?(memberOf=CN=#ABC XYZ,OU=Groups,DC=Example,DC=com)

then 'getent passwd user' fails to return anything (for 'user' that is 
in that group)

However, when using the above syntax with a group name that doesn't 
start with a '#' character, then things work as expected

When I use ldapsearch, it reports that the user is a memberOf:

  memberOf: CN=\#ABC XYZ,OU=Groups,DC=Example,DC=com

But using the '\' in sssd.conf for the search filter causes sssd to error 
with 'Invalid search filter' in the logs

Escaping the Escape ('\\') also gives 'Invalid search filter'

Does anyone know how to 'escape' special characters in search filters in 
sssd.conf ?

Thanks

James Pearson
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
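
Added example, not part of the original post: RFC 4515 requires a backslash inside an LDAP filter value to be followed by two hex digits, so a DN that itself contains '\' (as in the ldapsearch output above) needs that backslash written as '\5c' when the DN is placed in a filter. The sketch below flags the malformed escapes in the two attempts described and builds the escaped value; the function names are hypothetical, and that sssd passes the result to AD unchanged is an assumption the post does not confirm.

```python
import re

# RFC 4515 section 3: inside a filter's assertion value these characters must
# be written as a backslash followed by two hex digits.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# A backslash that is NOT followed by two hex digits is malformed in a filter.
BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})(?:.|$)", re.S)


def escape_filter_value(value):
    """Escape a string (here a DN) for use as an RFC 4515 assertion value."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def invalid_escapes(filter_text):
    """Return each backslash sequence in filter_text that RFC 4515 rejects."""
    return [m.group(0) for m in BAD_ESCAPE.finditer(filter_text)]


def user_search_base(base_dn, scope, attr, group_dn):
    """Build a base?scope?filter value in the form used in the post."""
    return f"{base_dn}?{scope}?({attr}={escape_filter_value(group_dn)})"


# Group DN exactly as ldapsearch printed it in the post (DN-level escape of '#').
GROUP_DN = r"CN=\#ABC XYZ,OU=Groups,DC=Example,DC=com"

if __name__ == "__main__":
    # The two attempts from the post: a single '\' and a doubled '\\'.
    for attempt in (r"(memberOf=CN=\#ABC XYZ,OU=Groups,DC=Example,DC=com)",
                    r"(memberOf=CN=\\#ABC XYZ,OU=Groups,DC=Example,DC=com)"):
        print("malformed escapes:", invalid_escapes(attempt), "in", attempt)
    line = user_search_base("OU=Users,DC=Example,DC=com", "subtree", "memberOf", GROUP_DN)
    print("ldap_user_search_base =", line)
    assert invalid_escapes(line) == []
```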


