Thanks for the suggestion Rob! I posted to the sssd-users mailing list and
they responded. Turns out this is a known issue with an existing PR to fix it:
* https://github.com/SSSD/sssd/issues/5135
* https://github.com/SSSD/sssd/pull/1036
I will have to configure FreeIPA to match against full
Shane Frasier via FreeIPA-users wrote:
> If I manually escape the parentheses surrounding "affiliate" as seen below,
> then the ldapsearch command finds the user:
>
> ldapsearch -b "cn=accounts,dc=staging,dc=cool,dc=cyber,dc=dhs,dc=gov"
> "(&(ipaCertMapData=X509:C=US,O=U.S.
If I manually escape the parentheses surrounding "affiliate" as seen below,
then the ldapsearch command finds the user:
ldapsearch -b "cn=accounts,dc=staging,dc=cool,dc=cyber,dc=dhs,dc=gov"
"(&(ipaCertMapData=X509:C=US,O=U.S. Government,OU=Department of Homeland
Security,OU=Certification
I tried escaping the parentheses in the user certificate mapping data, but it
still fails. Did you mean to escape the parentheses inside the actual
certificate? Or something else?
I have also noticed that ipa certmap-match does not seem to care very much if I
run sss_cache -E. Is there
It istry escaping them \(.
David
-Original Message-
From: Rob Crittenden via FreeIPA-users
Sent: Wednesday, July 15, 2020 11:54 AM
To: FreeIPA users list
Cc: Sumit Bose ; Shane Frasier
; Rob Crittenden
Subject: [EXTERNAL] [Freeipa-users] Re: certmapdata issue
Shane Frasier via