strange ldap search

Björn JACKE bj at SerNet.DE
Mon Feb 8 11:18:46 MST 2010


I've stumbled upon a strange but quite frequent LDAP search request:

  smbldap_search_ext: base => [o=foo,c=faa], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-828240920-535362782-526260432-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]

I wonder if the (|(objectclass=sambaGroupMapping)(sambaGroupType=4)) part of
the search filter is actuallay intended. Shouldn't that be a & instead of |? In
the end this can be simplified to


As patches get stripped by our mailman, here's the proposed patch inline:

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0d498c8..63790c0 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3725,7 +3725,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 	filter = talloc_asprintf(mem_ctx,
-				 "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
+				 "(&(objectclass=%s)(sambaGroupType=%d)(|",
 				 LDAP_OBJ_GROUPMAP, type);
 	for (i=0; i<num_members; i++)

Any comments?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list