Active Directory IDP: Users with Parentheses in Name Cause Error #1147

Closed
scottd018 opened this issue May 2, 2022 · 0 comments
Labels
bug Something isn't working state/accepted All done!

What happened?

Please be specific and include screenshots and logs!

  • Successful setup of Supervisor
  • Successful setup of Concierge
  • Successful setup of ActiveDirectoryIdentityProvider
  • Successful pulling of kubeconfig using pinniped get kubeconfig
  • Failure to do anything against the cluster (e.g. kubectl get ns)

After all of the above, the kubectl command reports an error:

kubectl get ns
Username: admin.dustin@my.domain
Password: 
Error: could not complete Pinniped login: error getting authorization: expected to be redirected, but response status was 502 Bad Gateway

And there are errors in the supervisor logs:

I0502 19:18:22.040216       1 auth_handler.go:105] "unexpected error during upstream LDAP authentication" warning="true" error="error searching for group memberships for user with DN \"CN=Dustin Scott (Admin),OU=Users,OU=my,DC=my,DC=domain
\": LDAP Result Code 201 \"Filter Compile Error\": ldap: finished compiling filter with extra at end: OU=Users,OU=my,DC=my,DC=domain
"

Using a user without the parentheses () in the name ( (Admin) in the above example) results in a successful login.

What did you expect to happen?

Please be specific and include proposed behavior!

Users that contain parentheses are able to log in successfully and perform commands that they are authorized to perform.

What is the simplest way to reproduce this behavior?

In what environment did you see this bug?

  • Pinniped server version: v0.16.0
  • Pinniped client version: v0.16.0
  • Pinniped container image (if using a public container image): projects.registry.vmware.com/pinniped/pinniped-server:v0.16.0@sha256:e333109a3b6433d24c3477ee3589244cb3239c9e758f2dff22cc0a81cc6bc762
  • Pinniped configuration (what IDP(s) are you using? what downstream credential minting mechanisms are you using?): ActiveDirectory
  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.5-eks-bc4871b", GitCommit:"5236faf39f1b7a7dabea8df12726f25608131aa9", GitTreeState:"clean", BuildDate:"2021-10-29T23:32:16Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes installer & version (e.g., kubeadm version): NA (EKS cluster)
  • Cloud provider or hardware configuration: AWS EKS
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Others:

What else is there to know about this bug?

Link to conversation about bug at: https://kubernetes.slack.com/archives/C01BW364RJA/p1651518056901309

@pinniped-ci-bot pinniped-ci-bot added enhancement New feature or request priority/backlog Prioritized for an upcoming iteration estimate/S Estimated effort/complexity/risk is small labels May 2, 2022
@pinniped-ci-bot pinniped-ci-bot added the state/started Someone is working on it currently label May 2, 2022
@pinniped-ci-bot pinniped-ci-bot added bug Something isn't working state/finished Code finished but not yet delivered state/delivered Ready for manual acceptance review and removed enhancement New feature or request estimate/S Estimated effort/complexity/risk is small state/started Someone is working on it currently state/finished Code finished but not yet delivered labels May 2, 2022
@pinniped-ci-bot pinniped-ci-bot added state/accepted All done! and removed priority/backlog Prioritized for an upcoming iteration state/delivered Ready for manual acceptance review labels May 4, 2022
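
The failure mode in the log above, reproduced as an added example (this is not Pinniped's own code): a DN substituted into a group search filter without RFC 4515 escaping ends the filter at the `)` after `Admin`, leaving the rest of the DN as trailing text, while the escaped DN parses cleanly. The `(member={})` template, the function names, and the small parser (a simplified model, not the go-ldap filter compiler) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// RFC 4515: these characters must be hex-escaped inside a filter value.
var filterEscaper = strings.NewReplacer(
	`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

// escapeFilterValue escapes a value before it is placed in a search filter.
func escapeFilterValue(v string) string { return filterEscaper.Replace(v) }

// parseFilter consumes one "(...)" filter and returns the text left over.
// Simplified model: an item's value ends at the first ')'.
func parseFilter(s string) (rest string, err error) {
	if !strings.HasPrefix(s, "(") {
		return s, fmt.Errorf("expected '(' at %q", s)
	}
	s = s[1:]
	if s != "" && strings.IndexByte("&|!", s[0]) >= 0 {
		for s = s[1:]; strings.HasPrefix(s, "("); {
			if s, err = parseFilter(s); err != nil {
				return s, err
			}
		}
	} else if i := strings.IndexByte(s, ')'); i >= 0 {
		s = s[i:]
	}
	if !strings.HasPrefix(s, ")") {
		return s, fmt.Errorf("expected ')' at %q", s)
	}
	return s[1:], nil
}

// groupFilter substitutes value into a hypothetical "{}" filter template.
func groupFilter(template, value string) string {
	return strings.ReplaceAll(template, "{}", value)
}

func main() {
	dn := "CN=Dustin Scott (Admin),OU=Users,OU=my,DC=my,DC=domain" // DN from the log
	for _, v := range []string{dn, escapeFilterValue(dn)} {
		f := groupFilter("(member={})", v)
		rest, err := parseFilter(f)
		fmt.Printf("%s\n  leftover=%q err=%v\n", f, rest, err)
	}
}
```

Escaping applies only to the value substituted into the filter; the DN used as a search base or bind DN keeps its own RFC 4514 form.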