Bug 1456783
Summary: | smbldap-passwd - wrong search scope for get_user_dn | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Michal Bruncko <michal.bruncko> | ||||
Component: | smbldap-tools | Assignee: | Paul Howarth <paul> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | el6 | CC: | paul | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | smbldap-tools-0.9.6-4.el6 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-07-02 05:17:08 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
The patch looks good to me. I would really like to get upstream's opinion of this but gna.org, where upstream is hosted, went offline a couple of months ago. smbldap-tools-0.9.6-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37 smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37 smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 1283393 [details] get_user_dn search scope change to usersdn Description of problem: imagine two LDAP accounts - user and computer account with same name. each in each own LDAP subtree. once you try to change password with smbldap-passwd <username>, the tool select computer account (or maybe latest/newest LDAP record found) for this password change which could be the computer account instead of user account. the point is that smbldap-passwd should focus on usersdn suffix while searching for user account mentioned as parameter for password change. but currently "get_user_dn" function searches over whole LDAP tree. attaching a patch, which changes search scope for get_user_dn function (in file /usr/share/perl5/vendor_perl/smbldap_tools.pm) from "suffix" to "usersdn" - i.e. to focus only on user LDAP objects. Version-Release number of selected component (if applicable): smbldap-tools-0.9.6-3.el6.noarch How reproducible: always