Bug in samldb_description_check?
Volker.Lendecke at SerNet.DE
Sun Feb 13 07:45:07 MST 2011
While trying to complete pdb_ads, I've run across a
behaviour that I would like your opinion on. In pdb_ads, to
modify ldap fields I use the delete/add operations of values
in a single ldap modify request. For many fields this works
fine, but for the "description" field it does not. It can be
easily reproduced with ldbmodify:
vlendec at delphin:~/git/s4-work$ bin/ldbsearch -H ldap://127.0.0.1/ -b dc=samba,dc=org samaccountname=vl -U administrator at samba.org%Passw0rd description #
... Okay, we have "foo".
vlendec at delphin:~/git/s4-work$ cat /tmp/x
... now replace "foo" with "bar" they way pdb_ads would do
vlendec at delphin:~/git/s4-work$ SOCKET_WRAPPER_PCAP_FILE=/tmp/ldapmodify.cap bin/ldbmodify -H ldap://127.0.0.1/ -b dc=samba,dc=org -U administrator at samba.org%Passw0rd </tmp/x
ERR: (Attribute or value exists) "LDAP error 20 LDAP_ATTRIBUTE_OR_VALUE_EXISTS - <0000200D: Attribute or value exists - samldb: Description on SAM entry 'CN=vl,CN=Users,DC=samba,DC=org' is changed using an add operation while a value already exists!> <>" on DN CN=vl,CN=Users,DC=samba,DC=org
Modified 0 records with 1 failures
Attached find ldapmodify.cap.
If I do the equivalent operation against W2k8, it does work.
I can provide captures in private, the installation I have
handy right now has a customer name in its DN...
My guess is that samldb_description_check is too coarse, it
does not take into account that the ldap modify operation
has deleted the existing value.
With best regards,
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2702 bytes
Desc: not available
More information about the samba-technical