
How to handle spaces in user names?

Open jtpereyda opened this issue 9 years ago • 4 comments

I don't know why my location's LDAP server is giving me user names with spaces, but it causes the update command to fail (at least the first time). Sample debug output (names tweaked for privacy):

DEBUG:NssDbShadowHandler:missing: set(['.Rose Rosey', '.Proj Trainer', '.Jim Knuth', '.Jerry Demo', '.Main Supervisors'])

On the error

  • The temp file contents do include strings like ^U^@^ARose Rosey:*:::::::0^@^E^@^A01115^V^@^A, so it's not being read back properly.
  • The cache keys, read back for verification, include items like .Rose and .Proj, with the second half truncated.

Wait a minute

Unix shortnames can't include spaces anyway, right?

Proposed Solutions:

  1. Ignore names with spaces on verification step.
  2. Ignore names with spaces on Write step.

Suggestions welcome. 2 seems like the right thing to do to me.

More error text

DEBUG:NssDbShadowHandler:Map contains 4982 elems
DEBUG:NssDbShadowHandler:executing makedb: /usr/bin/makedb - /var/lib/misc/nsscache-cache-file-qTfB8O
DEBUG:NssDbShadowHandler:4982 entries written, 4982 keys
DEBUG:NssDbShadowHandler:verification started /var/lib/misc/nsscache-cache-file-qTfB8O
DEBUG:NssDbShadowHandler:4982 written keys, 9964 cache keys
WARNING:NssDbShadowHandler:verify failed: written keys missing from the on-disk cache!
DEBUG:NssDbShadowHandler:missing: set(['.Rose Rosey', '.Proj Trainer', '.Jim Knuth', '.Jerry Demo', '.Main Supervisors'])
DEBUG:NssDbShadowHandler:rolling back, (not) deleting temp cache file '/var/lib/misc/nsscache-cache-file-qTfB8O'
WARNING:NssDbShadowHandler:verification failed, exiting

jtpereyda, Oct 01 '15 21:10

Does the cn or uid field hold spaces on the server? I.e. does an ldapsearch give you the same results?

On Fri, 2 Oct 2015, 07:53 Joshua Pereyda [email protected] wrote:

Reopened #53 https://github.com/google/nsscache/issues/53.


jaqx0r, Oct 01 '15 22:10

Yes, here's a sample from ldapsearch (again filtered for privacy):

# Proj Trainer, Users, my.example.com
dn: CN=Proj Trainer,CN=Users,DC=my,DC=example,DC=com

I think this is because I'm talking to an Active Directory server. I've hit a lot of bumps but I've almost got it working.

jtpereyda, Oct 01 '15 23:10

FYI the ignore names on write workaround seems to work fine. I haven't gotten all the other bugs worked out yet, but I can submit a patch. I imagine other LDAP systems have a convention for this situation, though.

jtpereyda, Oct 01 '15 23:10

We could add a command to choose to either ignore names with whitespace, or apply a transformation function.

jaqx0r, Apr 22 '18 02:04
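
The two options discussed in this thread (skip names containing whitespace on write, or apply a transformation function), sketched as an added example that is not part of the thread and not nsscache's own code. The function names, the sample names and the underscore transform are hypothetical, and `cache_key` only models the truncation seen in the debug output (key cut at the first whitespace).

```python
import re

_WS = re.compile(r"\s")

def cache_key(name):
    """Key as read back during verification. Assumption: the key is cut at
    the first whitespace, matching the '.Rose' / '.Proj' keys in the report."""
    return ("." + name).split(None, 1)[0]

def missing_after_verify(written_names):
    """Written keys that would be absent from the keys read back."""
    written = {"." + n for n in written_names}
    return written - {cache_key(n) for n in written_names}

def prepare_names(names, policy="ignore", transform=None):
    """Return (kept, skipped) before the write step.

    policy="ignore":    skip every name that contains whitespace.
    policy="transform": rewrite such names with transform(name); skip the
                        entry if the result is empty, still has whitespace,
                        or collides with a name that was already kept.
    """
    if policy not in ("ignore", "transform"):
        raise ValueError("unknown policy: %r" % policy)
    if policy == "transform" and transform is None:
        raise ValueError("policy 'transform' needs a transform function")
    kept, skipped, seen = [], [], set()
    for name in names:
        candidate = name
        if _WS.search(name):
            if policy == "ignore":
                skipped.append(name)
                continue
            candidate = transform(name)
        # A collision would give two directory entries the same Unix name,
        # so the later entry is skipped rather than silently merged.
        if not candidate or _WS.search(candidate) or candidate in seen:
            skipped.append(name)
            continue
        seen.add(candidate)
        kept.append(candidate)
    return kept, skipped

def underscore(name):
    """Hypothetical transform: whitespace runs become '_', lower-cased."""
    return re.sub(r"\s+", "_", name.strip()).lower()

# Constructed sample names; 'rose_rosey' is there to force a collision.
SAMPLE = ["jdoe", "Rose Rosey", "Proj Trainer", "rose_rosey"]

if __name__ == "__main__":
    print(missing_after_verify(SAMPLE))
    print(prepare_names(SAMPLE, "ignore"))
    print(prepare_names(SAMPLE, "transform", underscore))
```

With the transform policy the skipped list is worth logging, since a skipped or renamed account changes which directory users can resolve on the host.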