[PATCH] s3-winbindd: Use correct realm for trusted domains in idmap child
Christof Schmitt
cs at samba.org
Wed Aug 27 11:28:15 MDT 2014
Is anybody available to review this change? The same issue is also
present in 4.1, so this should also get backported once the patch is in
master.
Christof
On Fri, Aug 22, 2014 at 09:38:37AM -0700, Christof Schmitt wrote:
> The attached patch fixes a problem when using the idmap_ad module to
> query SFU attributes for users from a trusted domain.
>
> Christof
> From 37b94887cc6207e5f03b41660bfe34870073528f Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Fri, 22 Aug 2014 09:15:59 -0700
> Subject: [PATCH] s3-winbindd: Use correct realm for trusted domains in idmap child
>
> When authenticating users in a trusted domain, the idmap_ad module
> always connects to a local DC instead of one in the trusted domain.
>
> Fix this by passing the correct realm to connect to.
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/winbindd_ads.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
> index a869ff5..1b9dadb 100644
> --- a/source3/winbindd/winbindd_ads.c
> +++ b/source3/winbindd/winbindd_ads.c
> @@ -188,8 +188,8 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
> }
> }
>
> - status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
> - password, realm, 0);
> + status = ads_cached_connection_connect(adsp, wb_dom->alt_name, dom_name,
> + ldap_server, password, realm, 0);
> SAFE_FREE(realm);
> TALLOC_FREE(ldap_server);
>
> --
> 1.7.1
>
More information about the samba-technical
mailing list