[Samba] Re: Bug in LDAP code for smbpasswd and pdbedit?

Marshall, Joshua MarshallJ at switch.aust.com
Thu Feb 21 17:17:08 GMT 2002 

Hi Miroslav,

I too came across this bug when getting my system up and running with 
2.2.3-prerelease. I fixed it by writing a patch, which I have sent to the 
developers but they didn't merge it in for 2.2.3

By default, all referrals are done unauthenticated. It is up to the client 
software to decide whether to authenticate when rebinding to another ldap 
server. In the case of a master/slave ldap servers, I believe it should 
authenticate when rebinding.

Anyway, apply the attached patch to pdb_ldap.c and recompile :)



Regards,

Joshua Marshall





Miroslav Zubcic <mvz at crol.net>
Sent by: samba-admin at lists.samba.org
22/02/2002 05:37 AM

 
        To:     samba at lists.samba.org
        cc: 
        Subject:        [Samba] Re: Bug in LDAP code for smbpasswd and pdbedit?


[ replying to myself ... ]

Miroslav Zubcic <mvz at crol.net> writes:

> But when I try to change password or add sambaAccount with
> smbpasswd(8) or pdbedit(8) i get this:
> 
> Feb 21 17:29:05 click.crol.net slapd[20149]:
> daemon: conn=36 fd=25 connection from IP=192.168.0.17:44459 
(IP=0.0.0.0:34049) accepted. 
> 
> Feb 21 17:29:05 click.crol.net slapd[20970]:
> conn=36 op=0 BIND dn="" method=128 
>             ^^^^^^^^^^^^^

Bug located closely:

My configuration was this:

ldap server = crol4.crol.net click.crol.net

crol4 is slave LDAP server, and click is master. So slave was first in
configuration line. smbpassword(8) then get updateref from slave to
contact master server for changes, he did that but in the meantime
"forgot" his bindDN, and bind to master like anonymous.

BTW, two servers are in "ldap server" line because things will work if
first one is down, second will be contacted, like ldap_open(3) says.

If I remove slave server from smb.conf(5) everything is OK. But this
is still a bug - probably in source/passdb/pdb_ldap.c ?


-- 
This signature intentionally left blank


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdb_ldap.patch
Type: application/octet-stream
Size: 1647 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20020221/c497bf94/pdb_ldap.obj

More information about the samba mailing list