andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
From d13b461fd160535b1a074651158c7dc95e2ae1ab Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Sat, 9 May 2015 18:55:39 -0700
Subject: [PATCH 326/327] Ticket #48183 - bind on db chained to AD returns
 err=32

Description by rmeggins@redhat.com: bind is doing a search for the entry
post bind, which fails because we don't enable password policy chaining
by default. I think in this case, we should not look up password policy,
because if the remote is AD or some other non-389 server, we can't use
the password policy information. We should instead rely on the remote
server to evaluate the password policy.

The commit 4fc53e1a63222d0ff67c30a59f2cff4b535f90a8 introduced the bug.
Ticket #47748 - Simultaneous adding a user and binding as the user could
                fail in the password policy check

https://fedorahosted.org/389/ticket/48183

Reviewed by nhosoi@redhat.com.

(cherry picked from commit eb46e6f1975b19956bb38d5e070e6eb5159200b4)
(cherry picked from commit 03bee0a0d4dbe313bca88cfafc605f6cb01b9fdc)
(cherry picked from commit 46242d88b62716d99641eceac26476a9c842c149)
(cherry picked from commit 164cb2460538d63ee2b2cde3e28323e51dc9741c)
---
 ldap/servers/slapd/bind.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index edb36c4..11ec22e 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -777,7 +777,8 @@ do_bind( Slapi_PBlock *pb )
                          * was in be_bind.  Since be_bind returned SLAPI_BIND_SUCCESS,
                          * the entry is in the DS.  So, we need to retrieve it once more.
                          */
-                        if (!bind_target_entry) {
+                        if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA) && 
+                            !bind_target_entry) {
                             bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
                             if (bind_target_entry) {
                                 myrc = slapi_check_account_lock(pb, bind_target_entry,
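Review bot: The block comment directly above the changed `if` still says the entry "is in the DS" and must be retrieved once more, which no longer describes the case that the new `!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)` test excludes. Extend that comment to say the lookup is skipped on purpose for a backend holding remote data, so `bind_target_entry` stays NULL and the `slapi_check_account_lock` call under `if (bind_target_entry)` is not made, leaving lockout and password policy evaluation to the remote server. The added line also ends in a trailing space after `&&`, which should be dropped.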
-- 
1.9.3