[Freeipa-devel] CLDAP Netlogon fixes

Martin Kosek mkosek at redhat.com
Tue May 28 14:13:51 UTC 2013


On 05/28/2013 04:12 PM, Martin Kosek wrote:
> On 05/28/2013 02:35 PM, Alexander Bokovoy wrote:
>> On Thu, 23 May 2013, Simo Sorce wrote:
>>>>> As you can see, incorrect parameters still return empty dn and netlogon
>>>>> attributes while Windows Server 2012 returns empty response:
>>>>>
>>>>> $ ldapsearch  -LL -H cldap://altai.ad.lan -b "" -s base '(&(NtVer=\00\00\00\55\00)(AAC=\00\00\00\00))' netlogon
>>>>> version: 1
>>>>>
>>>>> Yet, since for trusts we care about explicit request with our domain name
>>>>> _and_ the case when DnsDomain is not specified, everything continues to work.
>>>>>
>>>>> So ACK.
>>>>
>>>> I can easily avoid returning the empty netlogon field, which is what I
>>>> wanted to do.
>>>> I'll see if I can also avoid returning the DN.
>>>>
>>>> Let me try just one more revision.
>>>
>>> It was a simple fix, attached patches omit LDAP_RES_SEARCH_ENTRY
>>> completely as they were supposed to, and only return a
>>> LDAP_RES_SEARCH_RESULT record.
>> Thanks.
>>
>> Tested and it works fine.
>>
> 
> ACK. Pushed to master, ipa-3-1, ipa-3-0.

Sorry, off-by-one error :-) The actual branches where I pushed this were
master, ipa-3-2 and ipa-3-1.

Martin

> 
> I will release 3.1.5 soon to Fedora 18 to fix cooperation with realmd.
> 
> Martin
> 
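
Added example, not part of the original thread or of the FreeIPA patches: a small BER walker that lists the protocolOp of each LDAPMessage in a CLDAP reply datagram, to check that a netlogon query with invalid parameters is answered with only a search result record and no search entry. The function names are hypothetical and both sample datagrams are constructed by hand from the behaviour described above.

```python
# Added example; both datagrams are constructed by hand, not captured traffic.
OPS = {0x64: "SearchResultEntry", 0x65: "SearchResultDone"}  # [APPLICATION 4], [APPLICATION 5]

def read_tlv(buf, pos, limit):
    """Read one BER TLV inside buf[pos:limit]; return (tag, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits give the byte count
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > limit:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("TLV value runs past its container")
    return tag, pos, pos + length

def protocol_ops(datagram):
    """List the protocolOp of every LDAPMessage packed into one CLDAP reply."""
    ops, pos = [], 0
    while pos < len(datagram):
        tag, start, end = read_tlv(datagram, pos, len(datagram))
        if tag != 0x30:
            raise ValueError("expected LDAPMessage SEQUENCE")
        id_tag, _, id_end = read_tlv(datagram, start, end)   # messageID
        if id_tag != 0x02:
            raise ValueError("expected INTEGER messageID")
        op_tag, _, _ = read_tlv(datagram, id_end, end)       # protocolOp
        ops.append(OPS.get(op_tag, hex(op_tag)))
        pos = end
    return ops

def rejected_cleanly(datagram):
    """True when the reply carries a result record and no search entry."""
    return protocol_ops(datagram) == ["SearchResultDone"]

# SearchResultDone: resultCode success (0), empty matchedDN and diagnosticMessage
DONE = bytes.fromhex("300c02010165070a010004000400")
# SearchResultEntry with an empty DN and a valueless "netlogon" attribute
ENTRY = bytes.fromhex("301702010164120400300e300c04086e65746c6f676f6e3100")

if __name__ == "__main__":
    print(protocol_ops(ENTRY + DONE))  # entry followed by the result record
    print(rejected_cleanly(DONE))      # result record only
```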