ldap_syntaxes.py test fixes
Andrew Bartlett
abartlet at samba.org
Tue Dec 21 04:15:19 MST 2010
On Tue, 2010-12-21 at 10:14 +0200, Anatoliy Atanasov wrote:
> Hi Andrew,
>
> > > On Mon, 2010-12-20 at 23:22 +0200, Anatoliy Atanasov wrote:
> > > Hi Andrew,
> > >
> > > I was able to fix the test against sam.ldb but it still fails
> > against samba4 ldap server.
> > > The fixes are here:
> > http://git.samba.org/?p=anatoliy/anatoliy.git;a=shortlog;h=refs/heads/l
> > dap-syntaxes
> >
> > I'm not sure about the change to deny DNs with a SID or GUID but not a
> > string DN. DNs in AD can be any of these 3 things, so I'm don't
> > understand why you think it's INVALID_DN_SYNTAX.
> Sorry, about that, i meant to be like this (branch is updated).
> I got consistent behavior from windows about that, so i guess that's the correct error code.
> I am looking through the documentation to find the allowed values for DN.
That might make things clearer.
> +
> + /*format specific checks*/
> + switch (dn_format) {
> + case DSDB_BINARY_DN:
> + case DSDB_STRING_DN:
> + /*check if we have GUID or SID only instead of a DN in the binary part*/
> + if ((strcmp(ldb_dn_get_linearized(dn), "") == 0) &&
> + (strcmp(ldb_dn_get_extended_linearized(tmp_ctx, dn, 0), "") != 0)) {
> + DEBUG(10, (__location__ ": we have a dn with invalid part %s\n",
> + ldb_dn_get_extended_linearized(tmp_ctx, dn, 0)));
> + *ldb_error = LDB_ERR_CONSTRAINT_VIOLATION;
> + goto failed;
> + }
> + }
It still seems odd that DN+Binary can't be created with only a SID. All
other DNs can be. I'm also just not sure it's the right place to deal
with this - perhaps the syntax validation module should be doing it,
rather than the parser?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list