On ke, 12 kesä 2019, Dmitry Perets via FreeIPA-users wrote:
>
> Basically, I'm looking at seeing if Python interactive console will show
> you the same garbage in the filter text or not. If yes, then it looks
> like there is a bit of uncleaned unicode/str code checks in 4.6.
>
Yes, same output is also in the console... and both on working and on non-working IPA
server. The working one - surprisingly - just returns the result, despite having the same
bogus filter:
>>> api.Command.stageuser_find()
ipa: DEBUG: raw: stageuser_find(None, version=u'2.230')
ipa: DEBUG: stageuser_find(None, all=False, raw=False, version=u'2.230',
no_members=True, pkey_only=False)
ipa: DEBUG: retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-POC-DCN-TELEKOM-DE.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f76360d19e0>
ipa: DEBUG: stageuser_find: pre_callback new
filter=(objectclass=\70\6f\73\69\78\61\63\63\6f\75\6e\74)
{'count': 1, 'summary': u'1 user matched', 'messages':
[{'data': {'server_version': u'2.230'}, 'message':
u"API Version number was not sent, forward compatibility not guaranteed. Assuming
server's API version, 2.230", 'code': 13001, 'type':
u'warning', 'name': u'VersionMissing'}], 'result':
[{'dn': ipapython.dn.DN('uid=atest,cn=staged
users,cn=accounts,cn=provisioning,dc=poc,dc=dcn,dc=telekom,dc=de'),
u'givenname': [u'atest'], u'uid': [u'atest'],
u'nsaccountlock': True, u'sn': [u'atest']}], 'truncated':
False}
On both servers I have this one:
python2-ipaserver-4.6.4-10.el7_6.3.noarch
On the WORKING server I have _also_ python3 installed, but not sure if
it is used... the debug console in both cases seems to use python 2.7.
Can you share
what queries correspond to these requests in dirsrv access
log?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland