
Re: kadmin bug (missing mod_name)



On Wed, Nov 08, 2000 at 01:25:09PM -0600, Jacques A. Vidrine wrote:
> Why the LDAP hdb has problems finding a modifier is another story I
> haven't determined yet.

Well, there are two reasons.  One is that if you want the modifiersName
et al. from LDAP, you have to ask for it explicitly.  Patch below.

--- lib/hdb/hdb-ldap.c.orig	Wed Nov  8 14:42:11 2000
+++ lib/hdb/hdb-ldap.c	Wed Nov  8 15:39:50 2000
@@ -583,8 +583,8 @@
     rc = 1;
     (void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc);
 
-    rc = ldap_search_s((LDAP *) db->db, db->name,
-		       LDAP_SCOPE_ONELEVEL, filter, NULL, 0, msg);
+    rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
+	krb5kdcentry_attrs, 0, msg);
     if (rc != LDAP_SUCCESS) {
 	ret = HDB_ERR_NOENTRY;
 	goto out;
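Review bot: replacing the NULL attribute list with `krb5kdcentry_attrs` in the `ldap_search_s` call (the `+` lines ending in `krb5kdcentry_attrs, 0, msg`) changes the search from "all user attributes" to "only the attributes named in that array", so any attribute the entry-decoding code later reads that is not in the array will silently be absent from `msg` and the entry will look incomplete rather than fail loudly; please confirm `krb5kdcentry_attrs` is a NULL-terminated list that covers every attribute the decoder uses, not only modifiersName and the other operational attributes this patch is after, and that it is also passed wherever else the entry is fetched so the two code paths do not diverge. Minor style point: the continuation line is now indented with a single tab instead of being aligned under the opening parenthesis as the removed lines were.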

The more serious problem is that `modifiersName' will never (?) be a
krb5PrincipalName.  Rather it will be anonymous (if it was updated using
kadmin), or something like `uid=nectar' or even `uid=nectar@NECTAR.COM'
(if it was updated directly via LDAP).

-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org