RootDSE search with extended-dn (bug #10949)

Stefan (metze) Metzmacher metze at
Tue Dec 9 07:48:36 MST 2014


here's patches for

An anonymous client can ask for extended-dn on the RootDSE record,
currently we fail to handle this over LDAP:

root at ub1204-161:~# ldbsearch -U% -H ldap:// -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR -  <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>

But it works fine locally (as system).

root at ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1

# returned 1 records
# 1 entries
# 0 referrals

The trick is to do the extended-dn resolving using the AS_SYSTEM control.

BTW: A FreeIPA client uses such an LDAP query...

Please review and push.
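
Added example (not part of the original message or of the Samba patches): the anonymous request shown above as LDAP wire bytes, a base-scope RootDSE search carrying the extended-DN control (OID 1.2.840.113556.1.4.529), plus a decoder for the SearchResultDone result code that the failing case reports as 1. The function names, the (objectClass=*) filter, the control flag value 1 and the constructed sample response are assumptions.

```python
EXTENDED_DN_OID = b"1.2.840.113556.1.4.529"  # LDAP_SERVER_EXTENDED_DN_OID

def tlv(tag, value):
    """BER tag-length-value with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def ber_int(n, tag=0x02):
    """Non-negative INTEGER, or ENUMERATED when tag is 0x0a."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def extended_dn_control(flag=1, critical=False):
    """Control ::= SEQUENCE { OID, [criticality], value = SEQUENCE { INTEGER flag } }."""
    body = tlv(0x04, EXTENDED_DN_OID)
    if critical:
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, tlv(0x30, ber_int(flag))))

def rootdse_search(msg_id, attrs, control):
    """LDAPMessage with a SearchRequest for base '' at scope base, plus one control."""
    req = (tlv(0x04, b"")                   # baseObject: empty DN = RootDSE
           + ber_int(0, 0x0a)               # scope: baseObject
           + ber_int(0, 0x0a)               # derefAliases: never
           + ber_int(0) + ber_int(0)        # sizeLimit, timeLimit: none
           + tlv(0x01, b"\x00")             # typesOnly: FALSE
           + tlv(0x87, b"objectClass")      # filter (objectClass=*), an assumption
           + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)))
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, req) + tlv(0xa0, control))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def search_done_code(msg):
    """resultCode of one SearchResultDone message (1 = operationsError)."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)              # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x65:
        raise ValueError("not a SearchResultDone")
    return int.from_bytes(read_tlv(op)[1], "big")

# Constructed sample: SearchResultDone, resultCode 1, empty matchedDN and message.
SAMPLE_DONE = bytes.fromhex("300c02010165070a010104000400")
```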

