Juan Asensio Sánchez 03-21-2012 10:54 AM

Problem with plugin
 
Hi

We have written a plugin that dynamically changes some attributes of the
search results. The main code is like this:


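int smbhack_hook( Slapi_PBlock* pb ) {
    // ...
    Slapi_Entry** s_entradas = NULL;  // Entries returned by the internal search
    Slapi_PBlock* pbi = NULL;         // Parameter block for the internal search

    // ...
    // Read the filter string of the client's search request
    rv = slapi_pblock_get(
        pb,
        SLAPI_SEARCH_STRFILTER,
        &s_strfilter
    );
    if (rv == -1) {
        slapi_unlock_mutex(cfg_lock);
        return LDAP_OP_IGNORED;
    }

    // ...
    // Set up the internal search with the client's parameters
    slapi_search_internal_set_pb(
        pbi,
        s_dn,                      // Base
        s_scope,                   // Scope
        s_strfilter,               // Filter
        s_attrs,                   // Requested attributes
        s_attrsonly,               // Selection flag
        s_controls,                // Controls
        s_uid,                     // DN vs uid
        plugin_id,                 // ComponentId
        SLAPI_OP_FLAG_NEVER_CHAIN  // Flags
    );

    // ...
    // Fetch the entries found by the internal search
    rv = slapi_pblock_get(
        pbi,
        SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
        &s_entradas
    );

    // ...
    // No entries: release everything and leave the operation untouched
    if (s_entradas == NULL || s_entradas[0] == NULL) {
        slapi_unlock_mutex(cfg_lock);
        destruir_estructura_dn(pila_dn_invocador);
        // Free the internal search results before destroying the pblock
        slapi_free_search_results_internal(pbi);
        slapi_pblock_destroy(pbi);
        return LDAP_OP_IGNORED;
    }

    // ...
}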

The problem is that when doing a search with this filter:

(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))

the method slapi_pblock_get for the attribute
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
do a search with this filter:

(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))

s_entradas is null or s_entradas[0] is null and the operation is ignored.

What could be the reason?

In case it is useful to anyone, this plugin simulates a Samba domain trust:
for some users of another organization who are in a group, it dynamically
changes their sambaSID to make them valid users in the target Windows domain.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 03-22-2012 02:42 PM

Problem with plugin
 
What platform? What version of 389-ds-base?

Can you reproduce the same results with ldapsearch?



Juan Asensio Sánchez 04-03-2012 11:50 AM

Problem with plugin
 
Yes, this is reproducible with ldapsearch, using CentOS 5.5 i385,
389-ds-base 1.2.5. If I do this search (simulating the search done by
Samba), the plugin works fine, with s_entradas not null and not
empty, and the command returns 1 entry:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x \
    -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX \
    "(&(uid=XXXX)(objectClass=sambaSamAccount))" \
    uid uidNumber gidNumber homeDirectory sambaPwdLastSet \
    sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime \
    sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath \
    sambaLogonScript sambaProfilePath description sambaUserWorkstations \
    sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword \
    sambaDomainName objectClass sambaAcctFlags sambaMungedDial \
    sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory \
    modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

But if I do this search, s_entradas is null, although the filter is
valid and I also get 1 entry, but without the attribute modified by the
plugin:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x \
    -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX \
    "(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers))(objectClass=sambaSamAccount)))" \
    uid uidNumber gidNumber homeDirectory sambaPwdLastSet \
    sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime \
    sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath \
    sambaLogonScript sambaProfilePath description sambaUserWorkstations \
    sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword \
    sambaDomainName objectClass sambaAcctFlags sambaMungedDial \
    sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory \
    modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

Any help is welcome.



Rich Megginson 04-03-2012 01:15 PM

Problem with plugin
 
Can you reproduce the problem with 1.2.10.4-3 (in el5 epel-testing now)?




