[Freeipa-devel] CLDAP Netlogon fixes

Martin Kosek mkosek at redhat.com
Tue May 28 15:21:50 UTC 2013


On 05/28/2013 04:13 PM, Martin Kosek wrote:
> On 05/28/2013 04:12 PM, Martin Kosek wrote:
>> On 05/28/2013 02:35 PM, Alexander Bokovoy wrote:
>>> On Thu, 23 May 2013, Simo Sorce wrote:
>>>>>> As you can see, incorrect parameters still return empty dn and netlogon
>>>>>> attributes while Windows Server 2012 returns empty response:
>>>>>>
>>>>>> $ ldapsearch -LL -H cldap://altai.ad.lan -b "" -s base '(&(NtVer=\00\00\00\55\00)(AAC=\00\00\00\00))' netlogon
>>>>>> version: 1
>>>>>>
>>>>>> Yet, since for trusts we care about explicit request with our domain name
>>>>>> _and_ the case when DnsDomain is not specified, everything continues to work.
>>>>>>
>>>>>> So ACK.
>>>>>
>>>>> I can easily avoid returning the empty netlogon field, which is what I
>>>>> wanted to do.
>>>>> I'll see if I can also avoid returning the DN.
>>>>>
>>>>> Let me try just one more revision.
>>>>
>>>> It was a simple fix, attached patches omit LDAP_RES_SEARCH_ENTRY
>>>> completely as they were supposed to, and only return a
>>>> LDAP_RES_SEARCH_RESULT record.
>>> Thanks.
>>>
>>> Tested and it works fine.
>>>
>>
>> ACK. Pushed to master, ipa-3-1, ipa-3-0.
> 
> Sorry, off-by-one error :-) The actual branches where I pushed this were
> master, ipa-3-2 and ipa-3-1.
> 
> Martin
> 
>>
>> I will release 3.1.5 soon to Fedora 18 to fix cooperation with realmd.
>>
>> Martin
>>

I just noticed a strange behavior when I was sanity testing the upcoming 3.1.5 release:

# ldapsearch -LL -H cldap://vm-037.idm.lab.bos.redhat.com -b "" -s base '(&(DnsDomain=foo)(NtVer=\06\00\00\00)(AAC=\00\00\00\00))'
version: 1

#

... this looks correct. But the following call hangs:

# ldapsearch -LL -H cldap://vm-037.idm.lab.bos.redhat.com -b "" -s base '(NtVer=\06\00\00\00)'
version: 1

^C

This does not look right. Am I doing something wrong?

Martin
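
Added example (not part of the original message and not FreeIPA code): the thread distinguishes three outcomes for a CLDAP netlogon query, namely an entry plus a result record, a result record alone, and no reply at all. This Python sketch classifies a reply datagram by the LDAP protocolOp tags it carries. The sample bytes are constructed, and it assumes the server packs its LDAPMessages back to back in one UDP datagram.

```python
# Added example, not FreeIPA code: classify a CLDAP reply by its protocolOp tags.
LDAP_RES_SEARCH_ENTRY = 0x64   # [APPLICATION 4] SearchResultEntry
LDAP_RES_SEARCH_RESULT = 0x65  # [APPLICATION 5] SearchResultDone

# Constructed sample datagrams (messageID 1), not captured from a real server.
DONE_ONLY = bytes.fromhex("300c02010165070a010004000400")
ENTRY_AND_DONE = bytes.fromhex("3009020101640404003000") + DONE_ONLY

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                    # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER element overruns buffer")
    return tag, pos, pos + length

def protocol_ops(datagram):
    """List the protocolOp tag of each LDAPMessage in one datagram."""
    ops, pos = [], 0
    while pos < len(datagram):
        tag, start, end = read_tlv(datagram, pos)
        if tag != 0x30:
            raise ValueError("expected LDAPMessage SEQUENCE")
        body = datagram[start:end]
        id_tag, _, id_end = read_tlv(body, 0)      # messageID INTEGER
        if id_tag != 0x02:
            raise ValueError("expected messageID INTEGER")
        ops.append(read_tlv(body, id_end)[0])      # protocolOp tag
        pos = end
    return ops

def classify(datagram):
    """datagram=None models a receive timeout (the client-side hang)."""
    if datagram is None:
        return "no reply"
    ops = protocol_ops(datagram)
    if ops == [LDAP_RES_SEARCH_RESULT]:
        return "result only"
    if LDAP_RES_SEARCH_ENTRY in ops:
        return "entry returned"
    return "unexpected"
```

A test harness would pass `classify` the bytes received from the UDP socket, or `None` when the receive times out.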
