From 1b6395781a022ae7c3a802480bc1d32109c45cb9 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Wed, 30 Jul 2025 14:28:22 +1200 Subject: [PATCH] samba_kcc: log when msDS-HasInstantiatedNCs is not BinaryDn Signed-off-by: Douglas Bagnall Reviewed-by: Gary Lockyer --- python/samba/kcc/kcc_utils.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/python/samba/kcc/kcc_utils.py b/python/samba/kcc/kcc_utils.py index f0165344c5a..1cb4bb15e88 100644 --- a/python/samba/kcc/kcc_utils.py +++ b/python/samba/kcc/kcc_utils.py @@ -29,7 +29,7 @@ from samba.dcerpc import ( drsuapi, misc, ) -from samba.samdb import dsdb_dn_guess +from samba.samdb import dsdb_dn_guess, BinaryDn from samba.ndr import ndr_unpack, ndr_pack from collections import Counter @@ -746,7 +746,6 @@ class DirectoryServiceAgent(object): # msDS-HasInstantiatedNCs is a BinaryDN, but the # others are plain DNs. dsdn = dsdb_dn_guess(samdb, value) - flags = dsdn.get_binary_integer() dnstr = str(dsdn.dn) if dnstr not in tmp_table: @@ -756,7 +755,15 @@ class DirectoryServiceAgent(object): rep = tmp_table[dnstr] if k == "msDS-HasInstantiatedNCs": - rep.set_instantiated_flags(flags) + # msDS-HasInstantiatedNCs should only be DN+Binary + # (MS-ADTS 6.1.1.2.2.1.2.1.1 and 6.1.2.3.1) + # but sometimes we see it as a plain DN. + if isinstance(dsdn, BinaryDn): + flags = dsdn.get_binary_integer() + rep.set_instantiated_flags(flags) + else: + print("msDS-HasInstantiatedNCsis not a BinaryDn '{dsdn}'", + file=sys.stderr) continue rep.identify_by_dsa_attr(samdb, k) -- 2.47.3