Project

General

Profile

Actions

Bug #10545

closed

Rudder fails to accept inventories with user account different only in their case

Added by François ARMAND over 7 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Assignee:
Jonathan CLARKE
Category:
Web - Nodes & inventories
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

On a node, if we have both user "TEST" and "test" defined, the inventory can not be added to Rudder with the following error:

[2017-03-31 11:15:33] ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to add entry 'nodeId=ffffffff-bdf1-0000-02a1-3d44ad000000,ou=Nodes,ou=Pending Inventories,ou=Inventories,cn=rudder-configuration'.  Reported exception was: localAccountName: value #22 provided more than once
com.unboundid.ldap.sdk.LDAPException: localAccountName: value #22 provided more than once

Case is important in accounts, and that must be supported.

Actions #1

Updated by François ARMAND over 7 years ago

The problem is that we are declaring localAccountName in LDAP schema as follow:

attributeTypes: ( 1.3.6.1.4.1.35061.1.1.300.5
  NAME 'localAccountName'
  DESC 'A local account name (login) on the server'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

The equality match is case unsensitive. It should not.

We can safelly change it to "caseExactMatch", because we are making the comparison stricter that way, so no user will have a corrupted data base doing so.

You can make the change by hand, on the root server:

root@server# vim /opt/rudder/etc/openldap/schema/inventory.schema
# go to localAccountName and change caseIgnoreMatch into caseExactMatch
root@server# service rudder-slapd restart
....
[OK]
Actions #2

Updated by François ARMAND over 7 years ago

  • Status changed from New to In progress
Actions #3

Updated by François ARMAND over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Jonathan CLARKE
  • Pull Request set to https://github.com/Normation/ldap-inventory/pull/103
Actions #4

Updated by François ARMAND over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.19, 4.0.4 and 4.1.1 which were released today.

Actions

Also available in: Atom PDF