The Samba-Bugzilla – Bug 11392
Joining a Huawei storage fails: empty CLDAP ping answer
Last modified: 2017-01-03 19:55:14 UTC
Created attachment 11241
Seen in the wild: A Huawei storage array performs the initial CLDAP ping without NtVer in the filter. Samba doesn't send a searchResEntry in this case, only the searchResResult (success).
[MS-ADTS] sect. 18.104.22.168 "Domain Controller Response to an LDAP Ping" specifies that in this case the DC should answer normally with a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure.
The attached patch fixes the problem, verified with examples/misc/cldap.pl as well as with that Huawei device.
In addition to this patch, the testsuite needs to be modified to cover the same case, so we don't regress here.
Once that is done, I'll be very glad to ask for a second review and get this into master.
Is anyone working on the test?
It's a pity that the patch doesn't get upstream...
> Is anyone working on the test?
What is expected here, create a torture test for each misbehaving corner case?
(In reply to Arvid Requate from comment #3)
(In reply to Andrew Bartlett from comment #4)
To be clear, I will happily accept tests that operate on the netlogon RootDSE attribute over LDAP, not CLDAP, as the handlers are combined.
This should make it much, much easier to write tests in (say) python using our ldb bindings.
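The case from the original report, as an added example that is not part of the thread and is not Samba's code or the attached patch: a small model of how a responder picks the reply structure from the ping filter, with the missing-NtVer case handled. The function names, the `require_ntver` switch that models the reported behaviour, the sample filters, and treating an absent NtVer as 0 are assumptions of this sketch; the bit values are the NtVer option bits from [MS-ADTS].

```python
import re

# NtVer option bits from [MS-ADTS] that decide the response structure.
NETLOGON_NT_VERSION_5 = 0x00000002
NETLOGON_NT_VERSION_5EX = 0x00000004
NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008

# One "(attr=value)" equality term; the value may contain \XX escapes.
_TERM = re.compile(r"\(([A-Za-z]+)=((?:\\[0-9A-Fa-f]{2}|[^()\\])*)\)")
_ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2})")


def parse_ping_filter(ldap_filter):
    """Return {lower-cased attribute: raw value bytes} for each equality term."""
    terms = {}
    for attr, value in _TERM.findall(ldap_filter):
        raw = _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode())
        terms[attr.lower()] = raw
    return terms


def select_response(ldap_filter, require_ntver=False):
    """Name the structure a responder would return, or None for no entry.

    require_ntver=True models the behaviour in the report: without NtVer
    the client gets no searchResEntry, only the final success result.
    """
    raw = parse_ping_filter(ldap_filter).get("ntver")
    if raw is None:
        if require_ntver:
            return None
        ntver = 0  # assumption: absent NtVer selects no newer format
    else:
        ntver = int.from_bytes(raw, "little")  # 4-byte little-endian value
    if ntver & (NETLOGON_NT_VERSION_5EX | NETLOGON_NT_VERSION_5EX_WITH_IP):
        return "NETLOGON_SAM_LOGON_RESPONSE_EX"
    if ntver & NETLOGON_NT_VERSION_5:
        return "NETLOGON_SAM_LOGON_RESPONSE"
    return "NETLOGON_SAM_LOGON_RESPONSE_NT40"


# Constructed sample filters (not captured from the device in the report).
FILTER_V5EX = r"(&(DnsDomain=example.com)(NtVer=\06\00\00\00))"
FILTER_V5 = r"(&(DnsDomain=example.com)(NtVer=\02\00\00\00))"
FILTER_NO_NTVER = r"(&(DnsDomain=example.com)(Host=storage01))"

if __name__ == "__main__":
    for f in (FILTER_V5EX, FILTER_V5, FILTER_NO_NTVER):
        print(f, "->", select_response(f), "| reported:", select_response(f, True))
```

The three filters double as the cases a regression test would need to cover, whether the ping arrives over CLDAP or as a search on the netlogon RootDSE attribute over LDAP.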