RootDSE search with extended-dn (bug #10949)
Stefan (metze) Metzmacher
metze at samba.org
Tue Dec 9 07:48:36 MST 2014
Hi,
here are patches for https://bugzilla.samba.org/show_bug.cgi?id=10949.
An anonymous client can ask for extended-dn on the RootDSE record;
currently we fail to handle this over LDAP:
root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
But it works fine locally (as system).
root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
The trick is to do the extended-dn resolving using the AS_SYSTEM control.
BTW: A FreeIPA client uses such an LDAP query...
Please review and push.
Thanks!
metze