I was attempting to assign some permissions to Active Directory groups and ran into an issue where groups with spaces or the # sign in them. The engine log contained messages like these 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous search text - ADGROUP: name=#Virtual Engineering 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text - ADUSER: allnames=#Virtual Engineering The group name is valid. The example above contains both the space and #, but trying groups with just a space and others with just a # also fail. I was able to successfully add groups that contained characters and -. Has anyone else had an issue like this?
------=_Part_6131829_573278151.1369283762625 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit I don't remember encountering such an issue, but probably never checked. a. What is the search string you're passing in order to get the users/groups? b. From quick look at the code - looks like this is at the step of initializing the data that will be queried - that is, before sending the AD query. Eli - looks like this is from the SeachQuery.InitQueryData - can you elaborate here? ----- Original Message -----
From: "Thomas Scofield" <tscofield@gmail.com> To: "users" <users@ovirt.org> Sent: Thursday, May 23, 2013 4:06:29 AM Subject: [Users] Active Directory Groups
I was attempting to assign some permissions to Active Directory groups and ran into an issue where groups with spaces or the # sign in them. The engine log contained messages like these
2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous search text - ADGROUP: name=#Virtual Engineering 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text - ADUSER: allnames=#Virtual Engineering
The group name is valid. The example above contains both the space and #, but trying groups with just a space and others with just a # also fail. I was able to successfully add groups that contained characters and -. Has anyone else had an issue like this?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
------=_Part_6131829_573278151.1369283762625 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div>I don't remember encountering su= ch an issue, but probably never checked.<br></div><div>a. What is the searc= h string you're passing in order to get the users/groups?</div><div>b. From= quick look at the code - looks like this is at the step of initializi= ng the data that will be queried - that is, before sending the A= D query.</div><div><br></div><div><br></div><div>Eli - looks like this is f= rom the SeachQuery.InitQueryData - can you elaborate here?</div><div><br></= div><div><br></div><div><br></div><div><br></div><hr id=3D"zwchr"><blockquo= te style=3D"border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;= color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-f= amily:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Thomas Scof= ield" <tscofield@gmail.com><br><b>To: </b>"users" <users@ovirt.org= ><br><b>Sent: </b>Thursday, May 23, 2013 4:06:29 AM<br><b>Subject: </b>[= Users] Active Directory Groups<br><div><br></div><div dir=3D"ltr">I was att= empting to assign some permissions to Active Directory groups and ran into = an issue where groups with spaces or the # sign in them. The engine l= og contained messages like these<div><br></div><div><div> 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] = (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneou= s search text - ADGROUP: name=3D#Virtual Engineering</div><div>2013-05-22 0= 8:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.= 0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text= - ADUSER: allnames=3D#Virtual Engineering</div> </div><div><br></div><div style=3D"">The group name is valid. The exa= mple above contains both the space and #, but trying groups with just a spa= ce and others with just a # also fail. I was able to successfull= y add groups that contained characters and -. Has anyo= ne else had an issue like this?</div> <div><br></div></div> <br>_______________________________________________<br>Users mailing list<b= r>Users@ovirt.org<br>http://lists.ovirt.org/mailman/listinfo/users<br></blo= ckquote><div><br></div></div></body></html> ------=_Part_6131829_573278151.1369283762625--
Hi, I also had a problem with '#' in an customer project with RHEV 3.0, but we also had issues with a broken active directory replication. White spaces aren't a problem in groups. I can't tell if groups with '#' are working, as I told them to not use special characters in group names and to fix their replication. Now everything is working fine, but don't know if they created new groups for RHEV or if it was just the replication. Regards, René On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
I don't remember encountering such an issue, but probably never checked.
a. What is the search string you're passing in order to get the users/groups? b. From quick look at the code - looks like this is at the step of initializing the data that will be queried - that is, before sending the AD query.
Eli - looks like this is from the SeachQuery.InitQueryData - can you elaborate here?
______________________________________________________________________ From: "Thomas Scofield" <tscofield@gmail.com> To: "users" <users@ovirt.org> Sent: Thursday, May 23, 2013 4:06:29 AM Subject: [Users] Active Directory Groups
I was attempting to assign some permissions to Active Directory groups and ran into an issue where groups with spaces or the # sign in them. The engine log contained messages like these
2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous search text - ADGROUP: name=#Virtual Engineering 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text - ADUSER: allnames=#Virtual Engineering
The group name is valid. The example above contains both the space and #, but trying groups with just a space and others with just a # also fail. I was able to successfully add groups that contained characters and -. Has anyone else had an issue like this?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I tried various search strings, but I could only find groups if I searched for the full group name. On May 23, 2013 3:44 AM, "René Koch (ovido)" <r.koch@ovido.at> wrote:
Hi,
I also had a problem with '#' in an customer project with RHEV 3.0, but we also had issues with a broken active directory replication. White spaces aren't a problem in groups.
I can't tell if groups with '#' are working, as I told them to not use special characters in group names and to fix their replication. Now everything is working fine, but don't know if they created new groups for RHEV or if it was just the replication.
Regards, René
On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
I don't remember encountering such an issue, but probably never checked.
a. What is the search string you're passing in order to get the users/groups? b. From quick look at the code - looks like this is at the step of initializing the data that will be queried - that is, before sending the AD query.
Eli - looks like this is from the SeachQuery.InitQueryData - can you elaborate here?
______________________________________________________________________ From: "Thomas Scofield" <tscofield@gmail.com> To: "users" <users@ovirt.org> Sent: Thursday, May 23, 2013 4:06:29 AM Subject: [Users] Active Directory Groups
I was attempting to assign some permissions to Active Directory groups and ran into an issue where groups with spaces or the # sign in them. The engine log contained messages like these
2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous search text - ADGROUP: name=#Virtual Engineering 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text - ADUSER: allnames=#Virtual Engineering
The group name is valid. The example above contains both the space and #, but trying groups with just a space and others with just a # also fail. I was able to successfully add groups that contained characters and -. Has anyone else had an issue like this?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
RFC4515,"String Representation of Distinguished Names", says LDAP transactions that include strings beginning with a space or "#" character MUST use the standard LDAP string encoding rules. Note a "#" character in the middle or end of a string is OK, though. In my experience the rules apply to attribute specification as well as to filters and distinguished names. See Kurt's RFC at http://tools.ietf.org/html/rfc4514 or http://www.rfc-editor.org/info/rfc4514 for details on how to deal with funky characters when talking to Directories. --Charlie On Thu, May 23, 2013 at 7:31 AM, Thomas Scofield <tscofield@gmail.com> wrote:
I tried various search strings, but I could only find groups if I searched for the full group name.
On May 23, 2013 3:44 AM, "René Koch (ovido)" <r.koch@ovido.at> wrote:
Hi,
I also had a problem with '#' in an customer project with RHEV 3.0, but we also had issues with a broken active directory replication. White spaces aren't a problem in groups.
I can't tell if groups with '#' are working, as I told them to not use special characters in group names and to fix their replication. Now everything is working fine, but don't know if they created new groups for RHEV or if it was just the replication.
Regards, René
On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
I don't remember encountering such an issue, but probably never checked.
a. What is the search string you're passing in order to get the users/groups? b. From quick look at the code - looks like this is at the step of initializing the data that will be queried - that is, before sending the AD query.
Eli - looks like this is from the SeachQuery.InitQueryData - can you elaborate here?
______________________________________________________________________ From: "Thomas Scofield" <tscofield@gmail.com> To: "users" <users@ovirt.org> Sent: Thursday, May 23, 2013 4:06:29 AM Subject: [Users] Active Directory Groups
I was attempting to assign some permissions to Active Directory groups and ran into an issue where groups with spaces or the # sign in them. The engine log contained messages like these
2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous search text - ADGROUP: name=#Virtual Engineering 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous search text - ADUSER: allnames=#Virtual Engineering
The group name is valid. The example above contains both the space and #, but trying groups with just a space and others with just a # also fail. I was able to successfully add groups that contained characters and -. Has anyone else had an issue like this?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (4)
-
Charlie -
René Koch (ovido) -
Thomas Scofield -
Yair Zaslavsky