It's possible that whatever is causing this is in the nss module since it appears that the lowercase address is found where mixed case is not. Previous comment pertained to domain logs. Just browsed the nss log. Still stymied...
=G= ________________________________ From: Galen Johnson Sent: Monday, November 13, 2017 7:36 PM To: End-user discussions about the System Security Services Daemon Subject: Re: case sensitive email Ignore the comment about the query missing. I started fresh and see the same query where the only difference is the case...however, where the mixed case fails, the lowcase continues. Even at debug level 10 I'm not seeing anything obvious as to why it moves on for the lowcase example. Up to that point the logs are essentially identical. I'm stymied. =G= ________________________________ From: Galen Johnson Sent: Monday, November 13, 2017 6:52 PM To: End-user discussions about the System Security Services Daemon Subject: Re: case sensitive email I've done a bit more digging and sssd handles the request differently when it's mixed case versus all lowercase...when it's mixed case, I see this search string in the logs (Mon Nov 13 22:50:11:092700 2017) [sssd[be[exnet]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(krbPrincipalName=us...@example.com)(mail=us...@my.domain.com)(krbPrincipalName=User1\\@example....@my.domain.com))(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][ou=users,ou=production,ou=Customers,dc=my,dc=domain,dc=com]. but when it's all lowcase it seems to go down a completely different path as I never see that sdap_get_generic_ext_step? for it... Why would changing the login case cause this behavior? Note: auth_provider, id_provider, and access_provider are all set to ldap. Not sure why krbPrincipalName is even showing in the ldap search...however, if I remove the krb properties from sssd.conf, then email doesn't work at all. This used to work. The only thing that has changed that I am aware of is the version of SSSD on the system. =G= ________________________________ From: Galen Johnson Sent: Friday, November 10, 2017 9:53 AM To: End-user discussions about the System Security Services Daemon Subject: case sensitive email ?Hey, We've recently noticed that users logging in using emails are having issues when they use camel case but it works fine when all lower case. We haven't changed the configs so case_sensitive = preserving? has not changed. Could the behavior have changed with a recent update. We are running version 1.15.2 (sssd-1.15.2-50.el7_4.6.x86_64?). This did not used to be the behavior. Is there some other config that we now need to enable to allow the previous behavior? thanks =G=
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
