Issue #3847: gpo: use correct base dn - sssd

SSSD / sssd

#3847 gpo: use correct base dn

Closed: cloned-to-github 4 years ago by pbrezina. Opened 6 years ago by pbrezina.

GPO code in ad_gpo_connect_done converts domain name to base dn which may not be correct. For example if the domain name in sssd.conf is AD, computed base is then dc=AD, but the correct base dn is dc=ad,dc=vm. This makes gpo code to fail.

    /* Convert the domain name into domain DN */
    ret = domain_to_basedn(state, state->host_domain->name, &domain_dn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Cannot convert domain name [%s] to base DN [%d]: %s\n",
               state->host_domain->name, ret, sss_strerror(ret));
        goto done;
    }

    /* SDAP_OC_USER objectclass covers both users and computers */
    filter = talloc_asprintf(state,
                             "(&(objectclass=%s)(%s=%s))",
                             state->opts->user_map[SDAP_OC_USER].name,
                             state->opts->user_map[SDAP_AT_USER_NAME].name,
                             sam_account_name);
    if (filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    subreq = sdap_get_generic_send(state, state->ev, state->opts,
                                   sdap_id_op_handle(state->sdap_op),
                                   domain_dn, LDAP_SCOPE_SUBTREE,
^^^ correct base dn should be used
                                   filter, attrs, NULL, 0,
                                   state->timeout,
                                   false);

    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
        ret = EIO;
        goto done;
    }

    tevent_req_set_callback(subreq, ad_gpo_target_dn_retrieval_done, req);

Metadata Update from @jhrozek:
- Issue assigned to mzidek

6 years ago

Metadata Update from @pbrezina:
- Issue tagged with: Future milestone, New hire task

5 years ago

Metadata Update from @pbrezina:
- Issue assigned to avisiedo (was: mzidek)

4 years ago

pbrezina commented 4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4840

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata

Assignee

avisiedo

Tags

Blocking

None

Depending on

None

Priority

major

Milestone

None

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3847 gpo: use correct base dn Closed: cloned-to-github 4 years ago by pbrezina. Opened 6 years ago by pbrezina.

Metadata

New hire task Future milestone

#3847 gpo: use correct base dn

Closed: cloned-to-github 4 years ago by pbrezina. Opened 6 years ago by pbrezina.