[Freeipa-devel] CLDAP Netlogon fixes

Martin Kosek mkosek at redhat.com
Thu May 30 10:41:18 UTC 2013 

On 05/28/2013 05:21 PM, Martin Kosek wrote:
> On 05/28/2013 04:13 PM, Martin Kosek wrote:
>> On 05/28/2013 04:12 PM, Martin Kosek wrote:
>>> On 05/28/2013 02:35 PM, Alexander Bokovoy wrote:
>>>> On Thu, 23 May 2013, Simo Sorce wrote:
>>>>>>> As you can see, incorrect parameters still return empty dn and netlogon
>>>>>>> attributes while Windows Server 2012 returns empty response:
>>>>>>>
>>>>>>> $ ldapsearch  -LL -H cldap://altai.ad.lan -b "" -s base
>>>>>> '(&(NtVer=\00\00\00\55\00)(AAC=\00\00\00\00))' netlogon
>>>>>>> version: 1
>>>>>>>
>>>>>>> Yet, since for trusts we care about explicit request with our domain name
>>>>>> _and_ the
>>>>>>> case when DnsDomain is not specified, everything continues to work.
>>>>>>>
>>>>>>> So ACK.
>>>>>>
>>>>>> I can easily avoid returning the empty netlogon field, which is what I
>>>>>> wanted to do.
>>>>>> I'll see if I can also avoid returning the DN.
>>>>>>
>>>>>> Let me try just one more revision.
>>>>>
>>>>> It was a simple fix, attached patches omit LDAP_RES_SERAHC_ENTRY
>>>>> completely as they were supposed to, and only return a
>>>>> LDAP_RES_SEARCH_RESULT record.
>>>> Thanks.
>>>>
>>>> Tested and it works fine.
>>>>
>>>
>>> ACK. Pushed to master, ipa-3-1, ipa-3-0.
>>
>> Sorry, off-by-one error :-) The actual branches where I pushed this were
>> master, ipa-3-2 and ipa-3-1.
>>
>> Martin
>>
>>>
>>> I will release 3.1.5 soon to Fedora 18 to fix cooperation with realmd.
>>>
>>> Martin
>>>
> 
> I just noticed a strange behavior when I was sanity testing upcoming 3.1.5 release:
> 
> # ldapsearch -LL -H cldap://vm-037.idm.lab.bos.redhat.com -b "" -s base
> '(&(DnsDomain=foo)(NtVer=\06\00\00\00)(AAC=\00\00\00\00))'
> version: 1
> 
> #
> 
> ... this looks correct. But following call hangs:
> 
> # ldapsearch -LL -H cldap://vm-037.idm.lab.bos.redhat.com -b "" -s base
> '(NtVer=\06\00\00\00)'
> version: 1
> 
> ^C
> 
> This does not look right. Am I doing something wrong?
> 
> Martin
> 

ACK for Alexander's patch reviewed off list (attached).

Pushed to master, ipa-3-2, ipa-3-1.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-abbra-104-Fix-cldap-parser-2.patch
Type: text/x-patch
Size: 2323 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130530/bebe5b2c/attachment.bin>

More information about the Freeipa-devel mailing list