Bug 11895 - Handling of Generalized-Time string with timezone diff
Summary: Handling of Generalized-Time string with timezone diff
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-04 13:54 UTC by Ralph Böhme
Modified: 2021-06-22 23:39 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2016-05-04 13:54:11 UTC 
We seem to have an issue handling timestring (Generalized-Time), attributeSyntax  2.5.5.11, oMSyntax 24) in LDAP modify requests, showing the same modify request against Windows 2008 and Samba (git master from today):

slow@samba-ad:~/samba/master$ cat win2008r2.ldif
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=win2008r2,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ cat samba.ldif                                                                                                                                 
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.200 -UAdministrator%PASSWORD win2008r2.ldif                                                            
Modified 1 records successfully

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD samba.ldif
ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX -  <0000200B: objectclass_attrs: attribute 'msTSExpireDate' on entry 'CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site' contains at least one invalid value!> <>" on DN CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site at block before line 6
Modify failed after processing 0 records

It works with "20160101112000.0Z".

Searching works:

slow@samba-ad:~/samba/master$ ./bin/ldbsearch -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD "whenChanged>=20160101120000.0+0200" > /dev/null && echo success
success
Comment 1 Douglas Bagnall 2021-06-22 23:39:56 UTC 
This looks a bit like bug 14677.