When parsing an LDAP GPO object we insist on the following attributes existing: displayName flags gPCFileSysPath name ntSecurityDescriptor versionNumber If any are not present we fail listing all GPO objects with an "Out of memory" error (which is obviously incorrect). Patch to follow.
Created attachment 13069 [details] git-am fix for master. This patch fixes the problem by causing any missing attributes in ads_parse_gpo() to return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE). The interfaces to ads_pull_string() and ads_pull_sd() are broken in that they return NULL for both a talloc fail (out of memory) and also for a missing attribute in the LDAPMessage * pointer, so there's no way to tell the difference between these error cases. This patch causes ads_parse_gpo() to follow the same convention as other uses of ads_pull_string(), ads_pull_sd(), which is to assume a NULL return means missing attribute, not out of memory. Fixing this is a patch for another day though. Jeremy.
Created attachment 13071 [details] Updated commit message with bugID.
Comment on attachment 13071 [details] Updated commit message with bugID. LGTM, thanks!
Created attachment 13077 [details] git-am fix for 4.6.next, 4.5.next, 4.4.next. Cherry-picked from master for 4.6.next, 4.5.next, 4.4.next.
Comment on attachment 13077 [details] git-am fix for 4.6.next, 4.5.next, 4.4.next. LGTM
Karolin, please add to the appropriate branches. Thanks!
Pushed to autobuild-v4-{6,5}-test.
(In reply to Karolin Seeger from comment #7) Pushed to both branches. Closing out bug report. Thanks!