Re: kadmin bug (missing mod_name)
On Wed, Nov 08, 2000 at 01:25:09PM -0600, Jacques A. Vidrine wrote:
> Why the LDAP hdb has problems finding a modifier is another story I
> haven't determined yet.
Well, there are two reasons. One is that if you want the modifiersName
et al. from LDAP, you have to ask for it explicitly. Patch below.
--- lib/hdb/hdb-ldap.c.orig Wed Nov 8 14:42:11 2000
+++ lib/hdb/hdb-ldap.c Wed Nov 8 15:39:50 2000
@@ -583,8 +583,8 @@
rc = 1;
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc);
- rc = ldap_search_s((LDAP *) db->db, db->name,
- LDAP_SCOPE_ONELEVEL, filter, NULL, 0, msg);
+ rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
+ krb5kdcentry_attrs, 0, msg);
if (rc != LDAP_SUCCESS) {
ret = HDB_ERR_NOENTRY;
goto out;
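Review bot: The new ldap_search_s call passes krb5kdcentry_attrs where NULL was passed before, but the definition of that array is not in this hunk, so its contents cannot be checked here. With an explicit attribute list the server returns only the attributes named in it, so the array has to name every user attribute the entry decoding relies on as well as the operational ones such as modifiersName, and it has to end with a NULL entry. Please include the array definition in the patch. The unchanged context after the call still maps every rc other than LDAP_SUCCESS to HDB_ERR_NOENTRY, so a search the server rejects would be indistinguishable from a missing principal.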
The more serious problem is that `modifiersName' will never (?) be a
krb5PrincipalName. Rather it will be anonymous (if it was updated using
kadmin), or something like `uid=nectar' or even `uid=nectar@NECTAR.COM'
(if it was updated directly via LDAP).
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org