Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-86313

RootDN Access Control Plugin with wildcards for IP addresses fails with an error "Invalid IP address"

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • 389-ds-base-3.1.3-2.el10
    • No
    • Low
    • ZStream
    • rhel-idm-ds
    • 22
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Directory Server
    • None
    • Regression Exception
    • Bug Fix
    • Hide
      .The RootDN Access Control plugin with wildcards for IP addresses no longer fails

      Before this update, if you tried to set IP addresses with wildcards for the RootDN Access Control plugin configuration, the attempt failed with the `Invalid IP address` error. With this release, the validation function was updated. As a result, the attempt to set values with wildcards no longer fails.
      Show
      .The RootDN Access Control plugin with wildcards for IP addresses no longer fails Before this update, if you tried to set IP addresses with wildcards for the RootDN Access Control plugin configuration, the attempt failed with the `Invalid IP address` error. With this release, the validation function was updated. As a result, the attempt to set values with wildcards no longer fails.
    • Done
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Description of a problem

      RootDN Access Control Plugin with wildcards for IP addresses fails with an error "Invalid IP address"

The documentation states that it should be possible: 
"--allow-host, --deny-host, --allow-ip, and --deny-ip for host-based access controls. These are all multi-valued attributes and you can use wild cards to allow or deny IP ranges or domains."


However, when we try to add an IP with a wildcard octet, it says:

[root@rhds ~]# dsconf -D "cn=Directory Manager" ldaps://localhost:3012 plugin root-dn set --allow-ip 10.10.10.*
Enter password for cn=Directory Manager on ldaps://localhost:3012:
Error: Invalid IP address (10.10.10.*) for '--allow-ip'

      Version : 

      • RHDS 12.5
      • 389-ds-base-2.5.2-2.el9_5.x86_64

      Steps to reproduce

      - Try to add an IP with wildcard for rootDN Access Control with below command on RHDS and it throws an error : 

[root@rhds ~]# dsconf -D "cn=Directory Manager" ldaps://localhost:3012 plugin root-dn set --allow-ip 10.10.10.*

      Actual results

      - It fails with an error "Invalid IP address"

[root@rhds ~]# dsconf -D "cn=Directory Manager" ldaps://localhost:3012 plugin root-dn set --allow-ip 10.10.10.* Enter password for cn=Directory Manager on ldaps://localhost:3012: Error: Invalid IP address (10.10.10.*) for '--allow-ip'

      Expected results

      - All the IP address specified with wildcard should get added

      Additional information

      - Adding single IP's works as expected, it's just the wildcard that doesn't: 

~~~
[root@rhds ~]# dsconf -D "cn=Directory Manager" ldaps://localhost:3012 plugin root-dn set --allow-ip 10.10.10.30
Enter password for cn=Directory Manager on ldaps://localhost:3012:
Successfully changed the cn=RootDN Access Control,cn=plugins,cn=config
~~~

              jachapma James Chapman
              rhn-support-apeddire AbhinayReddy Peddireddy
              IdM DS Dev IdM DS Dev
              IdM DS QE IdM DS QE
              Evgenia Martyniuk Evgenia Martyniuk
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: