i use samba 3_0_0 (from cvs) with ldapsam backend on FreeBSD 5.1. i cannot change/delete user attributes (description,password, etc) if user entry has a UTF8 dn: # smbpasswd -x tiamat could not delete attributes for cn=§á¡ö§á¨g§á¨k§ñ©°§á¨g§ñ©¤ §á░§á¨m§á¨g§á¨l§ñ©¦§á¨c§á¨o§á¨f§ñ©¤ §á¨ˆ§á¨c§á¨m§á¨g§ñ©¤§ñ¨{§á¨g§á¨e§á¨j§ñ©È,ou=§á¨U§á¨m§ñ©´§á¨h§á¨d§á¨c §á¨c§á¨e§ñ©°§á¨p§á¨n§á¨c§ñ©°§á¨j§á¨i§á¨c§ñ©À§á¨j§á¨j,ou=People,dc=komi,dc=mts,dc=ru, error: No such object () Failed to delete entry for user tiamat. Failed to modify password entry for user tiamat # pdbedit -h /tmp tiamat Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))] smbldap_open_connection: connection opened Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))] smbldap_open_connection: connection opened smbldap_search_suffix: searching for:[(&(uid=tiamat)(objectclass=sambaSamAccount))] Entry found for user: tiamat Setting entry for user: tiamat failed to modify user dn= cn=§á¡ö§á¨g§á¨k§ñ©°§á¨g§ñ©¤ §á░§á¨m§á¨g§á¨l§ñ©¦§á¨c§á¨o§á¨f§ñ©¤ §á¨ˆ§á¨c§á¨m§á¨g§ñ©¤§ñ¨{§á¨g§á¨e§á¨j§ñ©È,ou=§á¨U§á¨m§ñ©´§á¨h§á¨d§á¨c §á¨c§á¨e§ñ©°§á¨p§á¨n§á¨c§ñ©°§á¨j§á¨i§á¨c§ñ©À§á¨j§á¨j,ou=People,dc=komi,dc=mts,dc=ru with: No such object failed to modify user with uid = tiamat, error: (Protocol error) Unable to modify entry! in passdb\pdb_ldap.c used function dn = ldap_get_dn(...) that return UTF8 dn. Then call ldapsam_modify_entry (...,dn,...) -> smbldap_modify(...,dn,..) in lib\smbldap.c:smbldap_modify dn converted from CH_UNIX to CH_UTF8 and dn corrupted. my smb.conf: dos charset = 866 unix charset = KOI8-R display charset = KOI8-R Thanks!
There seems to be quite a few places where we call smbldap_modify so this problem is potentially in other places in the code. This is a bit of a re-run of the dos codepage vs unix codepage strings saga. There is no way to tell what codepage a string is in. We should fix our ldap routines to accept and return strings in Samba's internal character set only (unix charset?).
cc me
I am testing a patch where ldap_get_dn() is called from a wrapper that converts the result to unix charset before returning it. This should solve the defect. The ads code will require a look to see if it has the same problem.
Created attachment 79 [details] Call smbldap_get_dn() instead of ldap_get_dn() for pdb_ldap Here's the patch.
I haven't changed the other caller of ldap_get_dn() which is the printer publishing code, and the idmap_ldap module.
When this patch will be commited ?
The patch wasn't quite right (converted *to* utf8, not from :-), but was close enough for me to commit a fix (plus added error checking !). Marking as closed. Jeremy.
originally reported against 3.0.0beta3. CLeaning out non-production release versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.