[Users] Active Directory Groups

Charlie medievalist at gmail.com
Thu May 23 16:02:05 UTC 2013 

RFC4515,"String Representation of Distinguished Names", says LDAP
transactions that include strings beginning with a space or "#"
character MUST use the standard LDAP string encoding rules.  Note a
"#" character in the middle or end of a string is OK, though.  In my
experience the rules apply to attribute specification as well as to
filters and distinguished names.

See Kurt's RFC at http://tools.ietf.org/html/rfc4514 or
http://www.rfc-editor.org/info/rfc4514 for details on how to deal with
funky characters when talking to Directories.

--Charlie

On Thu, May 23, 2013 at 7:31 AM, Thomas Scofield <tscofield at gmail.com> wrote:
> I tried various search strings,  but I could only find groups if I searched
> for the full group name.
>
> On May 23, 2013 3:44 AM, "René Koch (ovido)" <r.koch at ovido.at> wrote:
>>
>> Hi,
>>
>> I also had a problem with '#' in an customer project with RHEV 3.0, but
>> we also had issues with a broken active directory replication. White
>> spaces aren't a problem in groups.
>>
>> I can't tell if groups with '#' are working, as I told them to not use
>> special characters in group names and to fix their replication. Now
>> everything is working fine, but don't know if they created new groups
>> for RHEV or if it was just the replication.
>>
>>
>> Regards,
>> René
>>
>>
>>
>> On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
>> > I don't remember encountering such an issue, but probably never
>> > checked.
>> >
>> > a. What is the search string you're passing in order to get the
>> > users/groups?
>> > b. From quick look at the code - looks like this is at the step
>> > of initializing the data that will be queried  - that is, before
>> > sending the AD query.
>> >
>> >
>> >
>> >
>> > Eli - looks like this is from the SeachQuery.InitQueryData - can you
>> > elaborate here?
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > ______________________________________________________________________
>> >         From: "Thomas Scofield" <tscofield at gmail.com>
>> >         To: "users" <users at ovirt.org>
>> >         Sent: Thursday, May 23, 2013 4:06:29 AM
>> >         Subject: [Users] Active Directory Groups
>> >
>> >
>> >         I was attempting to assign some permissions to Active
>> >         Directory groups and ran into an issue where groups with
>> >         spaces or the # sign in them.  The engine log contained
>> >         messages like these
>> >
>> >
>> >         2013-05-22 08:39:35,228 WARN
>> >          [org.ovirt.engine.core.bll.SearchQuery]
>> >         (ajp--127.0.0.1-8702-134)
>> >         ResourceManager::searchBusinessObjects - erroneous search text
>> >         - ADGROUP: name=#Virtual Engineering
>> >         2013-05-22 08:39:35,228 WARN
>> >          [org.ovirt.engine.core.bll.SearchQuery]
>> >         (ajp--127.0.0.1-8702-46)
>> >         ResourceManager::searchBusinessObjects - erroneous search text
>> >         - ADUSER: allnames=#Virtual Engineering
>> >
>> >
>> >         The group name is valid.  The example above contains both the
>> >         space and #, but trying groups with just a space and others
>> >         with just a # also fail.  I was able to successfully add
>> >         groups that contained characters and -.  Has anyone else had
>> >         an issue like this?
>> >
>> >
>> >
>> >         _______________________________________________
>> >         Users mailing list
>> >         Users at ovirt.org
>> >         http://lists.ovirt.org/mailman/listinfo/users
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/users
>>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list