Bug 13194 - Creating group with samba-tool should check that gidNumber is not too high
Creating group with samba-tool should check that gidNumber is not too high
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.7.3
All All
: P5 minor
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-19 12:16 UTC by Yvan Masson
Modified: 2017-12-19 12:16 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Yvan Masson 2017-12-19 12:16:52 UTC
Hi,

Using Debian stable amd64 with samba 4.7 self-compiled, I noticed that we can get strange data in LDAP with "samba-tool group add" and a very high gidNumber:

# this is correct
# samba-tool group add group-test13 --gid-number=2000000000 --nis-domain=mydomain
Added group group-test13
# ldbsearch -H /usr/local/samba/private/sam.ldb CN="group-test13"
…
# gidNumber: 2000000000
…

# this is not correct
# samba-tool group add group-test14 --gid-number=3000000000 --nis-domain=mydomain
Added group group-test14
# ldbsearch -H /usr/local/samba/private/sam.ldb CN="group-test14"
…
gidNumber: -1294967296
…


I am probably using a GID that is way to high, but it would be nice if the tool could avoid getting strange values in LDAP. On the Microsoft side, it seems there is no theoretical limit: https://msdn.microsoft.com/en-us/library/ms675718(v=vs.85).aspx

Regards,
Yvan