Hi
We have done a plugin that dynamically change some attributes of the search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) { // ... Slapi_Entry** s_entradas = NULL; Slapi_PBlock* pbi = NULL;
// ... rv = slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &s_strfilter ); if (rv == -1) { slapi_unlock_mutex(cfg_lock); return LDAP_OP_IGNORED; }
// ... slapi_search_internal_set_pb( pbi, s_dn, // Base s_scope, // Ambito s_strfilter, // Filtro s_attrs, // Atributos buscados s_attrsonly, // Flag de seleccion s_controls, // Controls s_uid, // DN vs uid plugin_id, // ComponentId SLAPI_OP_FLAG_NEVER_CHAIN // Flags );
// ... rv = slapi_pblock_get( pbi, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &s_entradas );
// ... if (s_entradas == NULL || s_entradas[0] == NULL) { slapi_unlock_mutex(cfg_lock); destruir_estructura_dn(pila_dn_invocador); slapi_pblock_destroy(pbi); return LDAP_OP_IGNORED; }
// ... }
The problem is thar when doing a search with this filter:
(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))
the method slapi_pblock_getfor the attribute SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I do a search with this filter:
(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))
s_entradas is null or s_entradas[0] is null and the operation is ignored.
What could the reason?
If anyone can be useful, this plugin simulates a samba domain trust, making some users of other organization in a group, change dinamycally their sambasid to make them a valid user in the target windows domain.
On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
Hi
We have done a plugin that dynamically change some attributes of the search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) { // ... Slapi_Entry** s_entradas = NULL; Slapi_PBlock* pbi = NULL;
// ... rv = slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &s_strfilter ); if (rv == -1) { slapi_unlock_mutex(cfg_lock); return LDAP_OP_IGNORED; }
// ... slapi_search_internal_set_pb( pbi, s_dn, // Base s_scope, // Ambito s_strfilter, // Filtro s_attrs, // Atributos buscados s_attrsonly, // Flag de seleccion s_controls, // Controls s_uid, // DN vs uid plugin_id, // ComponentId SLAPI_OP_FLAG_NEVER_CHAIN // Flags );
// ... rv = slapi_pblock_get( pbi, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &s_entradas );
// ... if (s_entradas == NULL || s_entradas[0] == NULL) { slapi_unlock_mutex(cfg_lock); destruir_estructura_dn(pila_dn_invocador); slapi_pblock_destroy(pbi); return LDAP_OP_IGNORED; }
// ... }
The problem is thar when doing a search with this filter:
(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))
the method slapi_pblock_getfor the attribute SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I do a search with this filter:
(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))
s_entradas is null or s_entradas[0] is null and the operation is ignored.
What could the reason?
What platform? What version of 389-ds-base?
Can you reproduce the same results with ldapsearch?
If anyone can be useful, this plugin simulates a samba domain trust, making some users of other organization in a group, change dinamycally their sambasid to make them a valid user in the target windows domain. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Yes, this is reproduceable with ldapsearch, using CentOS 5.5 i385, 389-ds-base 1.2.5. If I do this search (simulating the search done by Samba), the plugin works fine, being s_entradas not null and not empty, returning the command 1 entry:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX "(&(uid=XXXX)(objectClass=sambaSamAccount))" uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
But if I do this search, s_entradas is null, although the filter is valid and I get too 1 entry, but without the attribute modified by the plugin:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX "(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers))(objectClass=sambaSamAccount)))" uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Any help is wellcome.
El día 22 de marzo de 2012 16:42, Rich Megginson rmeggins@redhat.com escribió:
On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
Hi
We have done a plugin that dynamically change some attributes of the search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) { // ... Slapi_Entry** s_entradas = NULL; Slapi_PBlock* pbi = NULL;
// ... rv = slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &s_strfilter ); if (rv == -1) { slapi_unlock_mutex(cfg_lock); return LDAP_OP_IGNORED; }
// ... slapi_search_internal_set_pb( pbi, s_dn, // Base s_scope, // Ambito s_strfilter, // Filtro s_attrs, // Atributos buscados s_attrsonly, // Flag de seleccion s_controls, // Controls s_uid, // DN vs uid plugin_id, // ComponentId SLAPI_OP_FLAG_NEVER_CHAIN // Flags );
// ... rv = slapi_pblock_get( pbi, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &s_entradas );
// ... if (s_entradas == NULL || s_entradas[0] == NULL) { slapi_unlock_mutex(cfg_lock); destruir_estructura_dn(pila_dn_invocador); slapi_pblock_destroy(pbi); return LDAP_OP_IGNORED; }
// ... }
The problem is thar when doing a search with this filter:
(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))
the method slapi_pblock_getfor the attribute SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I do a search with this filter:
(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))
s_entradas is null or s_entradas[0] is null and the operation is ignored.
What could the reason?
What platform? What version of 389-ds-base?
Can you reproduce the same results with ldapsearch?
If anyone can be useful, this plugin simulates a samba domain trust, making some users of other organization in a group, change dinamycally their sambasid to make them a valid user in the target windows domain. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 04/03/2012 05:50 AM, Juan Asensio Sánchez wrote:
Yes, this is reproduceable with ldapsearch, using CentOS 5.5 i385, 389-ds-base 1.2.5. If I do this search (simulating the search done by Samba), the plugin works fine, being s_entradas not null and not empty, returning the command 1 entry:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX "(&(uid=XXXX)(objectClass=sambaSamAccount))" uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
But if I do this search, s_entradas is null, although the filter is valid and I get too 1 entry, but without the attribute modified by the plugin:
ldapsearch -LLL -H ldaps://localhost -b "dc=XXXX,dc=XXXX" -x -D "uid=adminsamba_XXXX,ou=dominio_samba,o=XXXX,dc=XXXX,dc=XXXX" -w XXXX "(&(uid=XXXX)(&(|(ou:dn:=People)(ou:dn:=Computers))(objectClass=sambaSamAccount)))" uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Any help is wellcome.
Can you reproduce the problem with 1.2.10.4-3 (in el5 epel-testing now)
El día 22 de marzo de 2012 16:42, Rich Megginsonrmeggins@redhat.com escribió:
On 03/21/2012 05:54 AM, Juan Asensio Sánchez wrote:
Hi
We have done a plugin that dynamically change some attributes of the search results. The main code is like this:
int smbhack_hook( Slapi_PBlock* pb ) { // ... Slapi_Entry** s_entradas = NULL; Slapi_PBlock* pbi = NULL;
// ... rv = slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &s_strfilter ); if (rv == -1) { slapi_unlock_mutex(cfg_lock); return LDAP_OP_IGNORED; } // ... slapi_search_internal_set_pb( pbi, s_dn, // Base s_scope, // Ambito s_strfilter, // Filtro s_attrs, // Atributos buscados s_attrsonly, // Flag de seleccion s_controls, // Controls s_uid, // DN vs uid plugin_id, // ComponentId SLAPI_OP_FLAG_NEVER_CHAIN // Flags ); // ... rv = slapi_pblock_get( pbi, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &s_entradas ); // ... if (s_entradas == NULL || s_entradas[0] == NULL) { slapi_unlock_mutex(cfg_lock); destruir_estructura_dn(pila_dn_invocador); slapi_pblock_destroy(pbi); return LDAP_OP_IGNORED; } // ...
}
The problem is thar when doing a search with this filter:
(&(ou:dn:=People)(uid=myuid)(objectClass=sambaSamAccount))
the method slapi_pblock_getfor the attribute SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES returns s_entradas != null, but if I do a search with this filter:
(&(|(ou:dn:=Computers)(ou:dn:=People))(uid=myuid)(objectClass=sambaSamAccount))
s_entradas is null or s_entradas[0] is null and the operation is ignored.
What could the reason?
What platform? What version of 389-ds-base?
Can you reproduce the same results with ldapsearch?
If anyone can be useful, this plugin simulates a samba domain trust, making some users of other organization in a group, change dinamycally their sambasid to make them a valid user in the target windows domain. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org