7:02 p.m.
RFC4515,"String Representation of Distinguished Names", says LDAP
transactions that include strings beginning with a space or "#"
character MUST use the standard LDAP string encoding rules. Note a
"#" character in the middle or end of a string is OK, though. In my
experience the rules apply to attribute specification as well as to
filters and distinguished names.
See Kurt's RFC at http://tools.ietf.org/html/rfc4514 or
http://www.rfc-editor.org/info/rfc4514 for details on how to deal with
funky characters when talking to Directories.
--Charlie
On Thu, May 23, 2013 at 7:31 AM, Thomas Scofield <tscofield(a)gmail.com> wrote:
I tried various search strings, but I could only find groups if I
searched
for the full group name.
On May 23, 2013 3:44 AM, "René Koch (ovido)" <r.koch(a)ovido.at> wrote:
>
> Hi,
>
> I also had a problem with '#' in an customer project with RHEV 3.0, but
> we also had issues with a broken active directory replication. White
> spaces aren't a problem in groups.
>
> I can't tell if groups with '#' are working, as I told them to not use
> special characters in group names and to fix their replication. Now
> everything is working fine, but don't know if they created new groups
> for RHEV or if it was just the replication.
>
>
> Regards,
> René
>
>
>
> On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
> > I don't remember encountering such an issue, but probably never
> > checked.
> >
> > a. What is the search string you're passing in order to get the
> > users/groups?
> > b. From quick look at the code - looks like this is at the step
> > of initializing the data that will be queried - that is, before
> > sending the AD query.
> >
> >
> >
> >
> > Eli - looks like this is from the SeachQuery.InitQueryData - can you
> > elaborate here?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ______________________________________________________________________
> > From: "Thomas Scofield" <tscofield(a)gmail.com>
> > To: "users" <users(a)ovirt.org>
> > Sent: Thursday, May 23, 2013 4:06:29 AM
> > Subject: [Users] Active Directory Groups
> >
> >
> > I was attempting to assign some permissions to Active
> > Directory groups and ran into an issue where groups with
> > spaces or the # sign in them. The engine log contained
> > messages like these
> >
> >
> > 2013-05-22 08:39:35,228 WARN
> > [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-134)
> > ResourceManager::searchBusinessObjects - erroneous search text
> > - ADGROUP: name=#Virtual Engineering
> > 2013-05-22 08:39:35,228 WARN
> > [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-46)
> > ResourceManager::searchBusinessObjects - erroneous search text
> > - ADUSER: allnames=#Virtual Engineering
> >
> >
> > The group name is valid. The example above contains both the
> > space and #, but trying groups with just a space and others
> > with just a # also fail. I was able to successfully add
> > groups that contained characters and -. Has anyone else had
> > an issue like this?
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users