Project

General

Profile

Bug #10545

Rudder fails to accept inventories with user account different only in their case

Added by François ARMAND 6 months ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Web - Nodes & inventories
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
0
Tags: Sponsored

Description

On a node, if we have both user "TEST" and "test" defined, the inventory can not be added to Rudder with the following error:

[2017-03-31 11:15:33] ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to add entry 'nodeId=ffffffff-bdf1-0000-02a1-3d44ad000000,ou=Nodes,ou=Pending Inventories,ou=Inventories,cn=rudder-configuration'.  Reported exception was: localAccountName: value #22 provided more than once
com.unboundid.ldap.sdk.LDAPException: localAccountName: value #22 provided more than once

Case is important in accounts, and that must be supported.

Associated revisions

Revision 77b40df8
Added by François ARMAND 6 months ago

Fixes #10545: Rudder fails to accept inventories with user account different only in their case

History

#1 Updated by François ARMAND 6 months ago

The problem is that we are declaring localAccountName in LDAP schema as follow:

attributeTypes: ( 1.3.6.1.4.1.35061.1.1.300.5
  NAME 'localAccountName'
  DESC 'A local account name (login) on the server'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

The equality match is case unsensitive. It should not.

We can safelly change it to "caseExactMatch", because we are making the comparison stricter that way, so no user will have a corrupted data base doing so.

You can make the change by hand, on the root server:

root@server# vim /opt/rudder/etc/openldap/schema/inventory.schema
# go to localAccountName and change caseIgnoreMatch into caseExactMatch
root@server# service rudder-slapd restart
....
[OK]

#2 Updated by François ARMAND 6 months ago

  • Status changed from New to In progress

#3 Updated by François ARMAND 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Jonathan CLARKE
  • Pull Request set to https://github.com/Normation/ldap-inventory/pull/103

#4 Updated by François ARMAND 6 months ago

  • Status changed from Pending technical review to Pending release

#5 Updated by Vincent MEMBRÉ 5 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.19, 4.0.4 and 4.1.1 which were released today.

Also available in: Atom PDF