Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
10.2.17
Description
When using Active Directory, group names can have backslashes when specified in the "domain account format". See here for more information:
https://docs.microsoft.com/en-us/windows/desktop/ad/getting-the-domain-account-style-name-of-a-group
"getent group" on Linux is capable of interpreting backslashes in group names when AD is configured. For example, the following command properly gets the information about the AD group:
getent group mydomain\\my-dba-group
However, the pam_user_map module does not seem to support this format at the moment. If /etc/security/user_map.conf contains a line like the following:
@mydomain\\my-dba-group: mysqldba
Then the module would throw an error like the following:
Aug 28 17:22:02 ip-10-156-191-170 mysqld: pam_user_map(mysql:auth): Syntax error at /etc/security/user_map.conf:5
The same error is seen if only a single backslash is used in the group name, e.g.:
@mydomain\my-dba-group: mysqldba
The workaround is to set a default domain in the system's AD configuration.
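To find the entries that hit this error, the following added example (not part of the original report or of the pam_user_map source) lists every user_map.conf entry whose name contains a backslash, in the same file:line form as the syslog message. The function name lint_user_map and the sample entries john and @group_ro are constructed; skipping of comment and blank lines is an assumption about the file format.

```shell
#!/bin/sh
# Added example: report user_map.conf entries whose source name (the part
# before the first colon) contains a backslash.
# Prints "FILE:LINE: NAME" per match; returns 1 if any match, 0 otherwise.
lint_user_map() {
    awk '
        /^[ \t]*#/ { next }              # assumed: comment lines are ignored
        /^[ \t]*$/ { next }              # assumed: blank lines are ignored
        {
            key = $0
            sub(/:.*/, "", key)          # keep the text before the first colon
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (index(key, "\\") > 0) {  # "\\" is one literal backslash in awk
                printf "%s:%d: %s\n", FILENAME, NR, key
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample file (not a real configuration). Lines 5 and 6 use the
# two spellings quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
john: jack
@group_ro: readonly

@mydomain\\my-dba-group: mysqldba
@mydomain\my-dba-group: mysqldba
EOF

lint_user_map "$sample" || echo "entries with backslashes found"
rm -f "$sample"
```

Entries it reports are the ones to handle with the default-domain workaround described above.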