Comment 14 for bug 1669712

Victor Tapia (vtapia) wrote :

#VERIFICATION FOR XENIAL (1.13.4-1ubuntu1.5)

Using the following script to test "faulty" users (with trailing \r / \n):

ubuntu@vtapia-xenial:~$ cat san.sh
#!/bin/bash

echo '- SSSD version'
dpkg -l | grep sssd-common

echo '- Query "user1"'
sss_cache -E; getent passwd 'user1'
ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries

echo '- Query "user1\n"'
sudo sss_cache -E; getent passwd 'user1
'
ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries

echo '- Query "user1\r"'
sudo sss_cache -E; getent passwd $(echo -e "user1\r")
ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries

echo '- SSSD log'
grep 'calling ldap_search_ext with' /var/log/sssd/sssd_openstacklocal.log | grep user1 | tail -n3

I can confirm the bug is fixed:

ubuntu@vtapia-xenial:~$ sudo ./san.sh
- SSSD version
ii sssd-common 1.13.4-1ubuntu1.5 amd64 System Security Services Daemon -- common files
- Query "user1"
user1:*:10000:5000:user1:/home/user1:/bin/bash
# 1 entries
- Query "user1\n"
# 1 entries
- Query "user1\r"
# 1 entries
- SSSD log
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0d)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].

The correct entry persists as the queries are sanitized (user\0a / user\0d).
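
The escaping visible in the log above (\0a for LF, \0d for CR), as an added example that is not part of the original comment and is not SSSD's own code. The helper names ldap_filter_escape and build_uid_filter are hypothetical, and the filter is shortened from the logged one:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape a value for use inside an LDAP search filter (hypothetical helper).
 * RFC 4515 writes '*', '(', ')', '\' and NUL as a backslash plus two hex
 * digits; CR and LF get the same treatment, giving the \0d and \0a forms
 * seen in the log. Returns a malloc'd string, or NULL on failure. */
char *ldap_filter_escape(const char *in, size_t len) {
    static const char hex[] = "0123456789abcdef";
    if (len > (SIZE_MAX - 1) / 3) return NULL;   /* 3*len+1 would overflow */
    char *out = malloc(len * 3 + 1);             /* worst case: all escaped */
    size_t j = 0;
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        switch (c) {
        case '*': case '(': case ')': case '\\': case '\0': case '\r': case '\n':
            out[j++] = '\\';
            out[j++] = hex[c >> 4];
            out[j++] = hex[c & 0x0f];
            break;
        default:
            out[j++] = (char)c;
        }
    }
    out[j] = '\0';
    return out;
}

/* Build a lookup filter around the escaped name; the caller frees the result. */
char *build_uid_filter(const char *name) {
    static const char fmt[] = "(&(uid=%s)(objectclass=posixAccount))";
    char *esc = ldap_filter_escape(name, strlen(name));
    if (esc == NULL) return NULL;
    size_t n = strlen(esc) + sizeof(fmt);        /* sizeof counts "%s" and NUL */
    char *filter = malloc(n);
    if (filter != NULL) snprintf(filter, n, fmt, esc);
    free(esc);
    return filter;
}

int main(void) {
    char *f = build_uid_filter("user1\n");       /* constructed input */
    if (f != NULL) puts(f);
    free(f);
    return 0;
}
```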