FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-21-2012, 10:54 AM
Juan Asensio Sánchez
 
Default Problem with plugin

Hi

We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:


int smbhack_hook( Slapi_PBlock* pb ) {
// ...
Slapi_Entry** s_entradas = NULL;
Slapi_PBlock* pbi = NULL;

// ...
rv = slapi_pblock_get(
pb,
SLAPI_SEARCH_STRFILTER,
&s_strfilter
);
if (rv == -1) {
slapi_unlock_mutex(cfg_lock);
return LDAP_OP_IGNORED;
}

// ...
slapi_search_internal_set_pb(
pbi,
s_dn, // Base
s_scope, // Ambito
s_strfilter, // Filtro
s_attrs, // Atributos buscados
s_attrsonly, // Flag de seleccion
s_controls, // Controls
s_uid, // DN vs uid
plugin_id, // ComponentId
SLAPI_OP_FLAG_NEVER_CHAIN // Flags
);

// ...
rv = slapi_pblock_get(
pbi,
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&s_entradas
);

// ...
if (s_entradas == NULL || s_entradas[0] == NULL) {
slapi_unlock_mutex(cfg_lock);
destruir_estructura_dn(pila_dn_invocador);
slapi_pblock_destroy(pbi);
return LDAP_OP_IGNORED;
}

// ...
}

The problem is thar when doing a search with this filter:

(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamA ccount))

the method slapi_pblock_getfor the attribute
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
do a search with this filter:

(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)( objectClass=sambaSamAccount))

s_entradas is null or s_entradas[0] is null and the operation is ignored.

What could the reason?

If anyone can be useful, this plugin simulates a samba domain trust,
making some users of other organization in a group, change dinamycally
their sambasid to make them a valid user in the target windows domain.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-22-2012, 02:42 PM
Rich Megginson
 
Default Problem with plugin

On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:

Hi

We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:


int smbhack_hook( Slapi_PBlock* pb ) {
// ...
Slapi_Entry** s_entradas = NULL;
Slapi_PBlock* pbi = NULL;

// ...
rv = slapi_pblock_get(
pb,
SLAPI_SEARCH_STRFILTER,
&s_strfilter
);
if (rv == -1) {
slapi_unlock_mutex(cfg_lock);
return LDAP_OP_IGNORED;
}

// ...
slapi_search_internal_set_pb(
pbi,
s_dn, // Base
s_scope, // Ambito
s_strfilter, // Filtro
s_attrs, // Atributos buscados
s_attrsonly, // Flag de seleccion
s_controls, // Controls
s_uid, // DN vs uid
plugin_id, // ComponentId
SLAPI_OP_FLAG_NEVER_CHAIN // Flags
);

// ...
rv = slapi_pblock_get(
pbi,
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&s_entradas
);

// ...
if (s_entradas == NULL || s_entradas[0] == NULL) {
slapi_unlock_mutex(cfg_lock);
destruir_estructura_dn(pila_dn_invocador);
slapi_pblock_destroy(pbi);
return LDAP_OP_IGNORED;
}

// ...
}

The problem is thar when doing a search with this filter:

(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamA ccount))

the method slapi_pblock_getfor the attribute
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
do a search with this filter:

(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)( objectClass=sambaSamAccount))

s_entradas is null or s_entradas[0] is null and the operation is ignored.

What could the reason?

What platform? What version of 389-ds-base?

Can you reproduce the same results with ldapsearch?


If anyone can be useful, this plugin simulates a samba domain trust,
making some users of other organization in a group, change dinamycally
their sambasid to make them a valid user in the target windows domain.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 04-03-2012, 11:50 AM
Juan Asensio Sánchez
 
Default Problem with plugin

Yes, this is reproduceable with ldapsearch, using CentOS 5.5 i385,
389-ds-base 1.2.5. If I do this search (simulating the search done by
Samba), the plugin works fine, being s_entradas not null and not
empty, returning the command 1 entry:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XX XX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(objectClass=sambaSamAccount))" uid uidNumber gidNumber
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath
description sambaUserWorkstations sambaSID sambaPrimaryGroupSID
sambaLMPassword sambaNTPassword sambaDomainName objectClass
sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp uidNumber

But if I do this search, s_entradas is null, although the filter is
valid and I get too 1 entry, but without the attribute modified by the
plugin:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XX XX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers) )(objectClass=sambaSamAccount)))"
uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword
sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

Any help is wellcome.


El día 22 de marzo de 2012 16:42, Rich Megginson <rmeggins@redhat.com> escribió:
> On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
>>
>> Hi
>>
>> We have done a plugin that dynamically change some attributes of the
>> search results. The main code is like this:
>>
>>
>> int smbhack_hook( Slapi_PBlock* pb ) {
>> * * * *// ...
>> * * * *Slapi_Entry** s_entradas = NULL;
>> * * * *Slapi_PBlock* pbi = NULL;
>>
>> * * * *// ...
>> * * * *rv = slapi_pblock_get(
>> * * * * * * * *pb,
>> * * * * * * * *SLAPI_SEARCH_STRFILTER,
>> * * * * * * * *&s_strfilter
>> * * * *);
>> * * * *if (rv == -1) {
>> * * * * * * * *slapi_unlock_mutex(cfg_lock);
>> * * * * * * * *return LDAP_OP_IGNORED;
>> * * * *}
>>
>> * * * *// ...
>> * * * *slapi_search_internal_set_pb(
>> * * * * * * * *pbi,
>> * * * * * * * *s_dn, * * * * * * * * * * *// Base
>> * * * * * * * *s_scope, * * * * * * * * * // Ambito
>> * * * * * * * *s_strfilter, * * * * * * * // Filtro
>> * * * * * * * *s_attrs, * * * * * * * * * // Atributos buscados
>> * * * * * * * *s_attrsonly, * * * * * * * // Flag de seleccion
>> * * * * * * * *s_controls, * * * * * * * *// Controls
>> * * * * * * * *s_uid, * * * * * * * * * * // DN vs uid
>> * * * * * * * *plugin_id, * * * * * * * * // ComponentId
>> * * * * * * * *SLAPI_OP_FLAG_NEVER_CHAIN *// Flags
>> * * * * * * * *);
>>
>> * * * *// ...
>> * * * *rv = slapi_pblock_get(
>> * * * * * * * *pbi,
>> * * * * * * * *SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
>> * * * * * * * *&s_entradas
>> * * * *);
>>
>> * * * *// ...
>> * * * *if (s_entradas == NULL || s_entradas[0] == NULL) {
>> * * * * * * * *slapi_unlock_mutex(cfg_lock);
>> * * * * * * * *destruir_estructura_dn(pila_dn_invocador);
>> * * * * * * * *slapi_pblock_destroy(pbi);
>> * * * * * * * *return LDAP_OP_IGNORED;
>> * * * *}
>>
>> * * * *// ...
>> }
>>
>> The problem is thar when doing a search with this filter:
>>
>> (&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamA ccount))
>>
>> the method slapi_pblock_getfor the attribute
>> SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
>> do a search with this filter:
>>
>>
>> (&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)( objectClass=sambaSamAccount))
>>
>> s_entradas is null or s_entradas[0] is null and the operation is ignored.
>>
>> What could the reason?
>
> What platform? *What version of 389-ds-base?
>
> Can you reproduce the same results with ldapsearch?
>>
>>
>> If anyone can be useful, this plugin simulates a samba domain trust,
>> making some users of other organization in a group, change dinamycally
>> their sambasid to make them a valid user in the target windows domain.
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 04-03-2012, 01:15 PM
Rich Megginson
 
Default Problem with plugin

On 04/03/2012 05:50 AM, Juan Asensio Sánchez wrote:

Yes, this is reproduceable with ldapsearch, using CentOS 5.5 i385,
389-ds-base 1.2.5. If I do this search (simulating the search done by
Samba), the plugin works fine, being s_entradas not null and not
empty, returning the command 1 entry:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XX XX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(objectClass=sambaSamAccount))" uid uidNumber gidNumber
homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath
description sambaUserWorkstations sambaSID sambaPrimaryGroupSID
sambaLMPassword sambaNTPassword sambaDomainName objectClass
sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp uidNumber

But if I do this search, s_entradas is null, although the filter is
valid and I get too 1 entry, but without the attribute modified by the
plugin:

ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D
"uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XX XX,dc=XXXX" -w XXXX
"(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers) )(objectClass=sambaSamAccount)))"
uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword
sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

Any help is wellcome.

Can you reproduce the problem with 1.2.10.4-3 (in el5 epel-testing now)



El día 22 de marzo de 2012 16:42, Rich Megginson<rmeggins@redhat.com> escribió:

On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:

Hi

We have done a plugin that dynamically change some attributes of the
search results. The main code is like this:


int smbhack_hook( Slapi_PBlock* pb ) {
// ...
Slapi_Entry** s_entradas = NULL;
Slapi_PBlock* pbi = NULL;

// ...
rv = slapi_pblock_get(
pb,
SLAPI_SEARCH_STRFILTER,
&s_strfilter
);
if (rv == -1) {
slapi_unlock_mutex(cfg_lock);
return LDAP_OP_IGNORED;
}

// ...
slapi_search_internal_set_pb(
pbi,
s_dn, // Base
s_scope, // Ambito
s_strfilter, // Filtro
s_attrs, // Atributos buscados
s_attrsonly, // Flag de seleccion
s_controls, // Controls
s_uid, // DN vs uid
plugin_id, // ComponentId
SLAPI_OP_FLAG_NEVER_CHAIN // Flags
);

// ...
rv = slapi_pblock_get(
pbi,
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&s_entradas
);

// ...
if (s_entradas == NULL || s_entradas[0] == NULL) {
slapi_unlock_mutex(cfg_lock);
destruir_estructura_dn(pila_dn_invocador);
slapi_pblock_destroy(pbi);
return LDAP_OP_IGNORED;
}

// ...
}

The problem is thar when doing a search with this filter:

(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamA ccount))

the method slapi_pblock_getfor the attribute
SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I
do a search with this filter:


(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)( objectClass=sambaSamAccount))

s_entradas is null or s_entradas[0] is null and the operation is ignored.

What could the reason?

What platform? What version of 389-ds-base?

Can you reproduce the same results with ldapsearch?


If anyone can be useful, this plugin simulates a samba domain trust,
making some users of other organization in a group, change dinamycally
their sambasid to make them a valid user in the target windows domain.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 03:47 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org