strange ldap search
Björn JACKE
bj at SerNet.DE
Mon Feb 8 11:18:46 MST 2010
Hi,
I've stumbled upon a strange but quite frequent LDAP search request:
smbldap_search_ext: base => [o=foo,c=faa], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-828240920-535362782-526260432-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
I wonder if the (|(objectclass=sambaGroupMapping)(sambaGroupType=4)) part of
the search filter is actuallay intended. Shouldn't that be a & instead of |? In
the end this can be simplified to
(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|...
As patches get stripped by our mailman, here's the proposed patch inline:
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0d498c8..63790c0 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3725,7 +3725,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
}
filter = talloc_asprintf(mem_ctx,
- "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
+ "(&(objectclass=%s)(sambaGroupType=%d)(|",
LDAP_OBJ_GROUPMAP, type);
for (i=0; i<num_members; i++)
Any comments?
Björn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100208/92a9b16e/attachment.pgp>
More information about the samba-technical
mailing list