Created attachment 1283393 [details]
get_user_dn search scope change to usersdn
Description of problem:
imagine two LDAP accounts - user and computer account with same name. each in each own LDAP subtree.
once you try to change password with smbldap-passwd <username>, the tool select computer account (or maybe latest/newest LDAP record found) for this password change which could be the computer account instead of user account.
the point is that smbldap-passwd should focus on usersdn suffix while searching for user account mentioned as parameter for password change. but currently "get_user_dn" function searches over whole LDAP tree.
attaching a patch, which changes search scope for get_user_dn function (in file /usr/share/perl5/vendor_perl/smbldap_tools.pm) from "suffix" to "usersdn" - i.e. to focus only on user LDAP objects.
Version-Release number of selected component (if applicable):
The patch looks good to me. I would really like to get upstream's opinion of this but gna.org, where upstream is hosted, went offline a couple of months ago.
smbldap-tools-0.9.6-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37
smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97c2545a37
smbldap-tools-0.9.6-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.