On 3 April 2017 at 19:11, Jakub Hrozek <[email protected]> wrote: > On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote: > > > > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces > in > > their names, libsemanage fails to update: > > > > eg from recent monthly upgrade cycle: > > > > Updating : > > selinux-policy-targeted-3.13.1-102.el7_3.16.noarch > > 3/14 > > libsemanage.parse_assert_ch: expected character ':', but found 'f' > > (/etc/selinux/targeted/tmp/seusers.local: 5): > > lastname [email protected]:unconfined_u:s0-s0:c0.c1023 (No such file > or > > directory). > > libsemanage.seuser_parse: could not parse seuser record (No such file or > > directory). > > libsemanage.dbase_file_cache: could not cache file database (No such file > > or directory). > > libsemanage.semanage_base_merge_components: could not merge local > > modifications into policy (No such file or directory). > > > > Hi, > according to my quick testing this is solved with this PR: > https://github.com/SSSD/sssd/pull/189 > (Please note that we haven't ran all regression tests on this PR so I > can't in fact tell if it's correct or not. The code does look OK, > though). > > I was also able to work around the issue by setting: > override_space = _ > in sssd.conf >
Thanks Jakub. The problem with the override_space = _ is that we also have users with _ in their names. I understand that this could be any character, but we decided that - given what we know about our AD - any character could also be in a user name. Looking forward to seeing the patch in upcoming releases. Cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
