strange ldap search
simo
idra at samba.org
Tue Feb 9 06:08:53 MST 2010
On Tue, 2010-02-09 at 10:13 +0100, Stefan (metze) Metzmacher wrote:
> Björn JACKE schrieb:
> > Hi,
> >
> > I've stumbled upon a strange but quite frequent LDAP search request:
> >
> > smbldap_search_ext: base => [o=foo,c=faa], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-828240920-535362782-526260432-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
> >
> > I wonder if the (|(objectclass=sambaGroupMapping)(sambaGroupType=4)) part of
> > the search filter is actuallay intended. Shouldn't that be a & instead of |? In
> > the end this can be simplified to
> >
> > (&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|...
> >
> > As patches get stripped by our mailman, here's the proposed patch inline:
> >
> > diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
> > index 0d498c8..63790c0 100644
> > --- a/source3/passdb/pdb_ldap.c
> > +++ b/source3/passdb/pdb_ldap.c
> > @@ -3725,7 +3725,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
> > }
> >
> > filter = talloc_asprintf(mem_ctx,
> > - "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
> > + "(&(objectclass=%s)(sambaGroupType=%d)(|",
> > LDAP_OBJ_GROUPMAP, type);
> >
> > for (i=0; i<num_members; i++)
> >
> > Any comments?
>
> For me the fix looks good.
>
> Simo do you agree?
Yes, I can't see any reason for the original form. Looks like what Björn
proposes is what was intended.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list