Re: [Users] Active Directory Groups

2013-05-23 Thread Charlie
RFC4515,String Representation of Distinguished Names, says LDAP
transactions that include strings beginning with a space or #
character MUST use the standard LDAP string encoding rules.  Note a
# character in the middle or end of a string is OK, though.  In my
experience the rules apply to attribute specification as well as to
filters and distinguished names.

See Kurt's RFC at http://tools.ietf.org/html/rfc4514 or
http://www.rfc-editor.org/info/rfc4514 for details on how to deal with
funky characters when talking to Directories.

--Charlie

On Thu, May 23, 2013 at 7:31 AM, Thomas Scofield tscofi...@gmail.com wrote:
 I tried various search strings,  but I could only find groups if I searched
 for the full group name.

 On May 23, 2013 3:44 AM, René Koch (ovido) r.k...@ovido.at wrote:

 Hi,

 I also had a problem with '#' in an customer project with RHEV 3.0, but
 we also had issues with a broken active directory replication. White
 spaces aren't a problem in groups.

 I can't tell if groups with '#' are working, as I told them to not use
 special characters in group names and to fix their replication. Now
 everything is working fine, but don't know if they created new groups
 for RHEV or if it was just the replication.


 Regards,
 René



 On Thu, 2013-05-23 at 00:36 -0400, Yair Zaslavsky wrote:
  I don't remember encountering such an issue, but probably never
  checked.
 
  a. What is the search string you're passing in order to get the
  users/groups?
  b. From quick look at the code - looks like this is at the step
  of initializing the data that will be queried  - that is, before
  sending the AD query.
 
 
 
 
  Eli - looks like this is from the SeachQuery.InitQueryData - can you
  elaborate here?
 
 
 
 
 
 
 
 
 
  __
  From: Thomas Scofield tscofi...@gmail.com
  To: users users@ovirt.org
  Sent: Thursday, May 23, 2013 4:06:29 AM
  Subject: [Users] Active Directory Groups
 
 
  I was attempting to assign some permissions to Active
  Directory groups and ran into an issue where groups with
  spaces or the # sign in them.  The engine log contained
  messages like these
 
 
  2013-05-22 08:39:35,228 WARN
   [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-134)
  ResourceManager::searchBusinessObjects - erroneous search text
  - ADGROUP: name=#Virtual Engineering
  2013-05-22 08:39:35,228 WARN
   [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-46)
  ResourceManager::searchBusinessObjects - erroneous search text
  - ADUSER: allnames=#Virtual Engineering
 
 
  The group name is valid.  The example above contains both the
  space and #, but trying groups with just a space and others
  with just a # also fail.  I was able to successfully add
  groups that contained characters and -.  Has anyone else had
  an issue like this?
 
 
 
  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users
 
 
  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users


 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[Users] Active Directory Groups

2013-05-22 Thread Thomas Scofield
I was attempting to assign some permissions to Active Directory groups and
ran into an issue where groups with spaces or the # sign in them.  The
engine log contained messages like these

2013-05-22 08:39:35,228 WARN  [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects -
erroneous search text - ADGROUP: name=#Virtual Engineering
2013-05-22 08:39:35,228 WARN  [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous
search text - ADUSER: allnames=#Virtual Engineering

The group name is valid.  The example above contains both the space and #,
but trying groups with just a space and others with just a # also fail.  I
was able to successfully add groups that contained characters and -.  Has
anyone else had an issue like this?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] Active Directory Groups

2013-05-22 Thread Yair Zaslavsky
I don't remember encountering such an issue, but probably never checked. 
a. What is the search string you're passing in order to get the users/groups? 
b. From quick look at the code - looks like this is at the step of initializing 
the data that will be queried - that is, before sending the AD query. 

Eli - looks like this is from the SeachQuery.InitQueryData - can you elaborate 
here? 

- Original Message -

 From: Thomas Scofield tscofi...@gmail.com
 To: users users@ovirt.org
 Sent: Thursday, May 23, 2013 4:06:29 AM
 Subject: [Users] Active Directory Groups

 I was attempting to assign some permissions to Active Directory groups and
 ran into an issue where groups with spaces or the # sign in them. The engine
 log contained messages like these

 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-134) ResourceManager::searchBusinessObjects - erroneous
 search text - ADGROUP: name=#Virtual Engineering
 2013-05-22 08:39:35,228 WARN [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-46) ResourceManager::searchBusinessObjects - erroneous
 search text - ADUSER: allnames=#Virtual Engineering

 The group name is valid. The example above contains both the space and #, but
 trying groups with just a space and others with just a # also fail. I was
 able to successfully add groups that contained characters and -. Has anyone
 else had an issue like this?

 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users