cannot search users by uidnumber #28

butonic · 2020-07-24T15:59:51Z

When running EOS the OS needs to look up the user by the numeric uid. This fails with the glauth ocis-accounts backend:

ldapsearch -x -H ldap://localhost:9125 -b dc=example,dc=org -D "cn=reva,dc=example,dc=org" -w reva '(&(objectclass=posixAccount)(uidnumber=20000))'                                   
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (&(objectclass=posixAccount)(uidnumber=20000))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

might be an ocis-accounts problem

server log

2020-07-24T18:00:18+02:00 DBG Bind request basedn=dc=example,dc=org binddn=cn=reva,dc=example,dc=org service=glauth src={"IP":"::1","Port":52050,"Zone":""}
2020-07-24T18:00:18+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","term":"reva"}]} service=accounts
2020-07-24T18:00:18+02:00 DBG result result={"facets":null,"hits":[{"id":"bc596f3c-c955-4328-80a0-60d018b4ad57","index":"/var/tmp/ocis-accounts/index.bleve","score":3.4921022015832683,"sort":["_score"]}],"max_score":3.4921022015832683,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","term":"reva"}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":31318,"total_hits":1} service=accounts
2020-07-24T18:00:18+02:00 DBG found account account={"accountEnabled":true,"displayName":"Reva Inter Operability Platform","gidNumber":"15000","id":"bc596f3c-c955-4328-80a0-60d018b4ad57","mail":"storage@example.org","memberOf":[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}],"onPremisesSamAccountName":"reva","passwordProfile":{"password":"***REMOVED***"},"preferredName":"reva","uidNumber":"10001"} service=accounts
2020-07-24T18:00:18+02:00 DBG Bind success binddn=cn=reva,dc=example,dc=org service=glauth src={"IP":"::1","Port":52050,"Zone":""}
2020-07-24T18:00:18+02:00 DBG Search request basedn=dc=example,dc=org binddn=cn=reva,dc=example,dc=org filter=(&(objectclass=posixAccount)(uidnumber=20000)) service=glauth src={"IP":"::1","Port":52050,"Zone":""}
2020-07-24T18:00:18+02:00 DBG parsed query basedn=dc=example,dc=org binddn=cn=reva,dc=example,dc=org filter=(&(objectclass=posixAccount)(uidnumber=20000)) qtype=users query="uid_number eq '20000'" service=glauth
2020-07-24T18:00:18+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"uid_number","term":"20000"}]} service=accounts
2020-07-24T18:00:18+02:00 DBG result result={"facets":null,"hits":[],"max_score":0,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"uid_number","term":"20000"}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":25814,"total_hits":0} service=accounts
2020-07-24T18:00:18+02:00 DBG AP: Search OK basedn=dc=example,dc=org binddn=cn=reva,dc=example,dc=org filter=(&(objectclass=posixAccount)(uidnumber=20000)) service=glauth src={"IP":"::1","Port":52050,"Zone":""}

The text was updated successfully, but these errors were encountered:

Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a user it will not only try to lookup the user by username, but also by the `uidnumber`: `(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was sending that as a string query `uid_number eq '20000'` in the ListAccounts query. This PR changes that to `uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the numeric literal. Related: - owncloud/ocis-accounts#68 - owncloud#28 Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a user it will not only try to lookup the user by username, but also by the `uidnumber`: `(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was sending that as a string query `uid_number eq '20000'` and has been changed to send it as `uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the numeric literal and use the NewNumericRangeInclusiveQuery instead of a TermQuery. Related: owncloud/ocis-glauth#28 owncloud/ocis-glauth#29 Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

butonic self-assigned this Jul 24, 2020

butonic added the bug Something isn't working label Jul 24, 2020

This was referenced Jul 24, 2020

fix int queries #29

Merged

fix int parsing owncloud/ocis-accounts#68

Merged

kulmann closed this as completed in owncloud/ocis-accounts#68 Jul 27, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cannot search users by uidnumber #28

cannot search users by uidnumber #28

butonic commented Jul 24, 2020 •

edited

Loading

cannot search users by uidnumber #28

cannot search users by uidnumber #28

Comments

butonic commented Jul 24, 2020 • edited Loading

butonic commented Jul 24, 2020 •

edited

Loading