Bug 11895 - Handling of Generalized-Time string with timezone diff
Handling of Generalized-Time string with timezone diff
Status: ASSIGNED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
unspecified
All All
: P5 normal
: ---
Assigned To: Ralph Böhme
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-04 13:54 UTC by Ralph Böhme
Modified: 2016-05-04 13:54 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2016-05-04 13:54:11 UTC
We seem to have an issue handling timestring (Generalized-Time), attributeSyntax  2.5.5.11, oMSyntax 24) in LDAP modify requests, showing the same modify request against Windows 2008 and Samba (git master from today):

slow@samba-ad:~/samba/master$ cat win2008r2.ldif
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=win2008r2,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ cat samba.ldif                                                                                                                                 
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.200 -UAdministrator%PASSWORD win2008r2.ldif                                                            
Modified 1 records successfully

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD samba.ldif
ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX -  <0000200B: objectclass_attrs: attribute 'msTSExpireDate' on entry 'CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site' contains at least one invalid value!> <>" on DN CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site at block before line 6
Modify failed after processing 0 records

It works with "20160101112000.0Z".

Searching works:

slow@samba-ad:~/samba/master$ ./bin/ldbsearch -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD "whenChanged>=20160101120000.0+0200" > /dev/null && echo success
success