From: Günther Deschner <gd@samba.org>
Date: Wed, 29 Sep 2004 13:34:41 +0000 (+0000)
Subject: r2752: Fix the paranoia-check to ensure the ldap-attribute and the
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5743
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5b8bc6c2e9a3f789f41742438b31152721c0bf4;p=thirdparty%2Fsamba.git

r2752: Fix the paranoia-check to ensure the ldap-attribute and the
smb.conf-parameter for samba's "algorithmic rid base" in ldapsam are
identical.

It tried to get the value of LDAP_ATTR_ALGORITHMIC_RID_BASE via
get_userattr_key2string() for a very long time now. This just can not
work because LDAP_ATTR_ALGORITHMIC_RID_BASE is neither in attrib_map_v22
nor in attrib_map_v30. Instead, get it directly from dominfo_attr_list.

Ldapsam will now correctly refuse to initialize when admins tried
manually to have differing values for "algorithmic rid base" in ldap and
smb.conf. idmap_ldap is another story...

Guenther
---

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 60312d265f3..751ec7e049c 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -2993,7 +2993,7 @@ and will risk BDCs having inconsistant SIDs\n"));
 	}
 
 	if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 
-				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ALGORITHMIC_RID_BASE), 
+				 get_attr_key2string( dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE ),
 				 alg_rid_base_string)) {
 		alg_rid_base = (uint32)atol(alg_rid_base_string);
 		if (alg_rid_base != algorithmic_rid_base()) {