On 04/03/2012 05:50 AM, Juan Asensio Sánchez wrote:
Yes, this is reproduceable with ldapsearch, using CentOS 5.5 i385,
389-ds-base 1.2.5. If I do this search (simulating the search done by
Samba), the plugin works fine, being s_entradas not null and not
empty, returning the command 1 entry:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(objectClass=sambaSamAccount))" uid uidNumber gidNumber
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath
description sambaUserWorkstations sambaSID sambaPrimaryGroupSID
sambaLMPassword sambaNTPassword sambaDomainName objectClass
sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp uidNumber
But if I do this search, s_entradas is null, although the filter is
valid and I get too 1 entry, but without the attribute modified by the
plugin:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers))(objectClass=sambaSamAccount)))"
uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword
sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Any help is wellcome.
Can you reproduce the problem with 1.2.10.4-3 (in el5 epel-testing now)
El día 22 de marzo de 2012 16:42, Rich Megginson<rmeggins@xxxxxxxxxx> escribió:
On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
Hi
We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) {
// ...
Slapi_Entry** s_entradas = NULL;
Slapi_PBlock* pbi = NULL;
// ...
rv = slapi_pblock_get(
pb,
SLAPI_SEARCH_STRFILTER,
&s_strfilter
);
if (rv == -1) {
slapi_unlock_mutex(cfg_lock);
return LDAP_OP_IGNORED;
}
// ...
slapi_search_internal_set_pb(
pbi,
s_dn, // Base
s_scope, // Ambito
s_strfilter, // Filtro
s_attrs, // Atributos buscados
s_attrsonly, // Flag de seleccion
s_controls, // Controls
s_uid, // DN vs uid
plugin_id, // ComponentId
SLAPI_OP_FLAG_NEVER_CHAIN // Flags
);
// ...
rv = slapi_pblock_get(
pbi,
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&s_entradas
);
// ...
if (s_entradas == NULL || s_entradas[0] == NULL) {
slapi_unlock_mutex(cfg_lock);
destruir_estructura_dn(pila_dn_invocador);
slapi_pblock_destroy(pbi);
return LDAP_OP_IGNORED;
}
// ...
}
The problem is thar when doing a search with this filter:
(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))
the method slapi_pblock_getfor the attribute
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
do a search with this filter:
(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))
s_entradas is null or s_entradas[0] is null and the operation is ignored.
What could the reason?
What platform? What version of 389-ds-base?
Can you reproduce the same results with ldapsearch?
If anyone can be useful, this plugin simulates a samba domain trust,
making some users of other organization in a group, change dinamycally
their sambasid to make them a valid user in the target windows domain.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
