#1955 Pre-create blobs for CLDAP netlogon queries
Closed: Invalid None Opened 12 years ago by sbose.

A 389ds CLDAP plugin cannot directly use code to generate the blobs for the netlogon queries due to licensing issues (GPLv2 vs GPLv3). But the main IPA code is GPLv3 and can use samba code. Since the blobs only contain static data, they can be pre-created, e.g. during the run of ipa-adtrust-install, and stored in the LDAP server so that the CLDAP plugin can find them and use them to generate the response.


Simple script to create the netlogon blob
py_nbt_test.py

The attached script is an example of how the netlogon blob can be created with python.

I think there is one issue in samba's nbt python bindings. For C code the blob is hand-marshaled because of the optional components, see ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags() and ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags() in libcli/netlogon/ndr_netlogon.c. For python the autogenerated ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX() and ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX() are used, which cannot handle the optional components right. They always assume they are present independent of the flags. Since they are called via autogenerated code in py_nbt.c I don't know how to fix this and direct the python code to use the *_with_flags() routines?

I think it is important to handle the optional components correctly because the CLDAP request explicitly asks for the structure with the IP address.

Any ideas?
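
The flag-dependent layout raised in the comment above, as an added Python sketch (not the attached py_nbt_test.py and not Samba code): the DC socket address is written and read only when the 5EX_WITH_IP bit is set in nt_version, which is what a fixed-layout marshaller gets wrong. The field order, opcode and bit values are assumptions taken from the MS-ADTS description of NETLOGON_SAM_LOGON_RESPONSE_EX; names are encoded without DNS compression, and all sample values are constructed.

```python
import socket
import struct
import uuid

# nt_version bits and opcode (assumed values, per MS-ADTS / Samba's nbt.idl)
NT_VERSION_5EX = 0x04
NT_VERSION_5EX_WITH_IP = 0x08
LOGON_SAM_LOGON_RESPONSE_EX = 23
# Constructed sample values, not taken from a real domain.
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_NAMES = ["example.test", "example.test", "dc1.example.test", "EXAMPLE",
                "DC1", "", "Default-First-Site-Name", "Default-First-Site-Name"]

def push_name(name):  # RFC 1035 labels, no compression pointers
    labels = [l.encode("ascii") for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def pull_name(buf, off):
    labels = []
    while buf[off]:
        n = buf[off]
        if n & 0xC0:
            raise ValueError("compressed names are not handled in this sketch")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def push_response(flags, guid, names, nt_version, dc_ip=None):
    # names: the 8 strings from DnsForestName to ClientSiteName, in order
    blob = struct.pack("<HHI", LOGON_SAM_LOGON_RESPONSE_EX, 0, flags) + guid.bytes_le
    blob += b"".join(push_name(n) for n in names)
    if nt_version & NT_VERSION_5EX_WITH_IP:  # optional part, gated by the flag
        sockaddr = struct.pack("<HH", 2, 0) + socket.inet_aton(dc_ip) + bytes(8)
        blob += bytes([len(sockaddr)]) + sockaddr
    return blob + struct.pack("<IHH", nt_version, 0xFFFF, 0xFFFF)

def pull_response(blob):
    nt_version = struct.unpack_from("<I", blob, len(blob) - 8)[0]  # trailer selects the layout
    opcode, _sbz, flags = struct.unpack_from("<HHI", blob, 0)
    off, names, dc_ip = 24, [], None  # 24 = opcode + sbz + flags + GUID
    for _ in range(8):
        name, off = pull_name(blob, off)
        names.append(name)
    if nt_version & NT_VERSION_5EX_WITH_IP:
        dc_ip = socket.inet_ntoa(blob[off + 5:off + 9])  # skip size, family, port
        off += 1 + blob[off]
    if off != len(blob) - 8:
        raise ValueError("body length does not match the nt_version flags")
    return {"opcode": opcode, "flags": flags, "names": names, "dc_ip": dc_ip, "nt_version": nt_version}
```

A parser that always expects the socket address would hit the length check in `pull_response` on a blob built without the 5EX_WITH_IP bit.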

The licence issues are resolved and the samba libraries can be used from the CLDAP plugin. If there are issues using the samba libraries due to threads this ticket can be reopened.

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2011/10

7 years ago
