Bug 1456783 - smbldap-passwd - wrong search scope for get_user_dn
Summary: smbldap-passwd - wrong search scope for get_user_dn
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: smbldap-tools
Version: el6
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Paul Howarth
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-30 11:19 UTC by Michal Bruncko
Modified: 2017-07-02 05:17 UTC (History)
1 user (show)

Fixed In Version: smbldap-tools-0.9.6-4.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-02 05:17:08 UTC


Attachments (Terms of Use)
get_user_dn search scope change to usersdn (465 bytes, patch)
2017-05-30 11:19 UTC, Michal Bruncko
no flags Details | Diff

Description Michal Bruncko 2017-05-30 11:19:31 UTC
Created attachment 1283393 [details]
get_user_dn search scope change to usersdn

Description of problem:
imagine two LDAP accounts - user and computer account with same name. each in each own LDAP subtree. 

once you try to change password with smbldap-passwd <username>, the tool select computer account (or maybe latest/newest LDAP record found) for this password change which could be the computer account instead of user account.

the point is that smbldap-passwd should focus on usersdn suffix while searching for user account mentioned as parameter for password change. but currently "get_user_dn" function searches over whole LDAP tree.

attaching a patch, which changes search scope for get_user_dn function (in file /usr/share/perl5/vendor_perl/smbldap_tools.pm) from "suffix" to "usersdn" - i.e. to focus only on user LDAP objects.


Version-Release number of selected component (if applicable):
smbldap-tools-0.9.6-3.el6.noarch


How reproducible:
always

Comment 1 Paul Howarth 2017-05-30 14:21:33 UTC
The patch looks good to me. I would really like to get upstream's opinion of this but gna.org, where upstream is hosted, went offline a couple of months ago.

Comment 2 Fedora Update System 2017-06-16 11:25:40 UTC
smbldap-tools-0.9.6-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37

Comment 3 Fedora Update System 2017-06-16 19:17:44 UTC
smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37

Comment 4 Fedora Update System 2017-07-02 05:17:08 UTC
smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.