Bug 598 - Special characters in user's full name aren't properly quoted.
Summary: Special characters in user's full name aren't properly quoted.
Status: RESOLVED DUPLICATE of bug 592
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.0
Hardware: All Solaris
: P2 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-10-10 03:06 UTC by Sergei V. Rozinov
Modified: 2005-11-14 09:30 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei V. Rozinov 2003-10-10 03:06:46 UTC
samba-3.0 configured with SECURITY = ADS model.
If the user's full name in Windows AD contains special character
',' or ';' winbindd is unable to receive info about that user.
This causes improper ADS group mapping for UNIX nss.

The log file portion below shows "Bad search filter" message.
I guess ADS username should be properly quoted before doing ldap search.

Sincerely,
Sergei V. Rozinov
Senior RISC systems engineer & administrator
Sibron Ltd, RUSSIA

---------------------------------------------------------------------------
[2003/10/10 04:17:21, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1236)
  lookup_groupmem: [Cached] - doing backend query for info for domain SIBRON
[2003/10/10 04:17:21, 10] nsswitch/winbindd_ads.c:lookup_groupmem(697)
  ads: lookup_groupmem SIBRON sid=S-1-5-21-989341691-1389498357-883519231-4116
[2003/10/10 04:17:21, 5] libads/ldap_utils.c:ads_do_search_retry(52)
  Search for
(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\FB\27\F8\3A\F5\0F\D2\52\FF\6E\A9\34\14\10\00\00)
gave 1 replies
[2003/10/10 04:17:21, 3] nsswitch/winbindd_ads.c:dn_lookup(361)
  ads: dn_lookup
[2003/10/10 04:17:21, 3] libads/ldap.c:ads_do_paged_search(451)
  ldap_search_ext_s((distinguishedName=CN=cbtest1\,
\272\302\262-\272\333\330\325\335\342,CN=Users,DC=sibron,DC=internal)) -> Bad
search filter
[2003/10/10 04:17:21, 3] libads/ldap_utils.c:ads_do_search_retry(60)
  Reopening ads connection to realm 'SIBRON.INTERNAL' after error Bad search filter
[2003/10/10 04:17:21, 6] libads/ldap.c:ads_find_dc(147)
  ads_find_dc: looking for realm 'SIBRON.INTERNAL'
Comment 1 Guenther Deschner 2003-10-12 17:48:44 UTC
this is a duplicate of bug #592.

the proposed one-line-fix should really be applied... 
Comment 2 Guenther Deschner 2003-10-12 17:50:17 UTC
cc me.
Comment 3 Sergei V. Rozinov 2003-10-13 06:23:00 UTC
Thanks, the patch for bug #592 fixes this bug correctly.
Suggest to change its status to FIXED.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2003-10-13 06:59:36 UTC

*** This bug has been marked as a duplicate of 592 ***
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:30:38 UTC
database cleanup