On Thu, 2013-05-23 at 21:02 +0300, Alexander Bokovoy wrote:
> On Thu, 23 May 2013, Simo Sorce wrote:
> >On Thu, 2013-05-23 at 10:42 -0400, Simo Sorce wrote:
> >> CLDAP fixes for:
> >> https://fedorahosted.org/freeipa/ticket/3639
> >>
> >> Should be pretty straightforward.
> >> (pending testing)
> >>
> >> Alexander,
> >> please check they work for your 2012 setup too.
> >
> >Alexander found a couple of typos and then the patches didn't work for
> >him.
> >
> >The bug was that I forgot to consider the successful case in the switch
> >statement I introduced at the last minute ... silly me.
> >
> >Tested this new set and works for me, Alexander please confirm.
> Works for me now. There is still a slight difference from what we see
> against Windows Server 2012.
> 
> ----------------------------------------------------------------------------------
> $ ldapsearch -LL -H cldap://red.bird.clone -b "" -s base '(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))' netlogon
> version: 1
> 
> dn:
> netlogon:: FwAAAP0DAADBEtlp7qtnRa3yDLzj68BuBGJpcmQFY2xvbmUAwBgDcmVkwBgEQklSRAA
>  FXFxSRUQAABdEZWZhdWx0LUZpcnN0LVNpdGUtTmFtZQDAOhACAAAAfwAAAQAAAAAAAAAAAAUAAAD/
>  ////
> 
> $ ldapsearch -LL -H cldap://red.bird.clone -b "" -s base '(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00)(DnsDOmain=bird.clone))' netlogon
> version: 1
> 
> dn:
> netlogon:: FwAAAP0DAADBEtlp7qtnRa3yDLzj68BuBGJpcmQFY2xvbmUAwBgDcmVkwBgEQklSRAA
>  FXFxSRUQAABdEZWZhdWx0LUZpcnN0LVNpdGUtTmFtZQDAOhACAAAAfwAAAQAAAAAAAAAAAAUAAAD/
>  ////
> 
> $ ldapsearch -LL -H cldap://red.bird.clone -b "" -s base '(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00)(DnsDOmain=bird.clone1))' netlogon
> version: 1
> 
> dn:
> netlogon:
> 
> $ ldapsearch -LL -H cldap://red.bird.clone -b "" -s base '(&(NtVer=\00\00\55\00)(AAC=\00\00\00\00)(DnsDOmain=bird.clone))' netlogon
> version: 1
> 
> dn:
> netlogon:
> ----------------------------------------------------------------------------------
> 
> As you can see, incorrect parameters still return empty dn and netlogon
> attributes while Windows Server 2012 returns an empty response:
> 
> $ ldapsearch -LL -H cldap://altai.ad.lan -b "" -s base '(&(NtVer=\00\00\00\55\00)(AAC=\00\00\00\00))' netlogon
> version: 1
> 
> Yet, since for trusts we care about an explicit request with our domain name
> _and_ the case when DnsDomain is not specified, everything continues to work.
> 
> So ACK.

I can easily avoid returning the empty netlogon field, which is what I
wanted to do.
I'll see if I can also avoid returning the DN.

Let me try just one more revision.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
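
As a reading aid for the results quoted above, this added example (not part of the thread and not FreeIPA code) decodes the non-empty netlogon value from the first query as an MS-ADTS NETLOGON_SAM_LOGON_RESPONSE_EX. The function names and dictionary keys are this example's own, and it assumes the socket-address section can be skipped by reading the version trailer from the end of the buffer.

```python
import base64
import struct
import uuid

# Constructed by rejoining the three wrapped LDIF lines of the first result above.
NETLOGON_B64 = (
    "FwAAAP0DAADBEtlp7qtnRa3yDLzj68BuBGJpcmQFY2xvbmUAwBgDcmVkwBgEQklSRAA"
    "FXFxSRUQAABdEZWZhdWx0LUZpcnN0LVNpdGUtTmFtZQDAOhACAAAAfwAAAQAAAAAAAAAAAAUAAAD/"
    "////"
)
# Wire order of the name fields; the keys are this example's own labels.
NAME_FIELDS = ("dns_forest", "dns_domain", "dns_host", "netbios_domain",
               "netbios_host", "user", "dc_site", "client_site")

def read_name(buf, off, hops=0):
    """Decode one RFC 1035 compressed name; return (dotted_name, next_offset)."""
    labels = []
    while True:
        if off >= len(buf) or hops > 8:
            raise ValueError("truncated name or compression-pointer loop")
        n = buf[off]
        if n == 0:
            return ".".join(labels), off + 1
        if (n & 0xC0) == 0xC0 and off + 1 < len(buf):  # two-byte pointer
            tail, _ = read_name(buf, ((n & 0x3F) << 8) | buf[off + 1], hops + 1)
            return ".".join(labels + ([tail] if tail else [])), off + 2
        if n > 63 or off + 1 + n > len(buf):
            raise ValueError("bad label length")
        labels.append(buf[off + 1:off + 1 + n].decode("utf-8"))
        off += 1 + n

def parse_netlogon_ex(blob):
    """Parse header, names and version trailer of the response."""
    if len(blob) < 32 or blob[:2] != b"\x17\x00":  # opcode 23, little-endian
        raise ValueError("not a LOGON_SAM_LOGON_RESPONSE_EX")
    out = {"flags": struct.unpack_from("<I", blob, 4)[0],
           "domain_guid": str(uuid.UUID(bytes_le=blob[8:24]))}
    off = 24
    for field in NAME_FIELDS:
        out[field], off = read_name(blob, off)
    if off + 8 > len(blob):
        raise ValueError("missing version trailer")
    # The structure ends with NtVersion, LmNtToken, Lm20Token (8 bytes).
    trailer = struct.unpack_from("<IHH", blob, len(blob) - 8)
    out.update(zip(("nt_version", "lmnt_token", "lm20_token"), trailer))
    return out

def parse_b64(text):
    return parse_netlogon_ex(base64.b64decode(text))
```

Calling `parse_b64(NETLOGON_B64)` returns the forest, domain, host and site names carried in the reply; the queries that produced `netlogon:` with no value have nothing to decode.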
