Bug 7082 - samba 3.4.5 does not check if ldap controls are available before using them
Summary: samba 3.4.5 does not check if ldap controls are available before using them
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 enhancement
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-29 17:59 UTC by Simo Sorce
Modified: 2010-03-08 04:48 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Simo Sorce 2010-01-29 17:59:56 UTC 
net ad join uses the LDAP_SERVER_PERMISSIVE_MODIFY_OID (1.2.840.113556.1.4.1413) control without checking if the server implements it (information is exposed in rootDSE in the SupportedControls attribute).

Samba4 still does not implement this control so when samba 3.4.5 tries to modify the machine ldap entry and uses this control (marking it as critical) the server returns an error and the join fails.

I am not sure we should fix this in samba 3.x, I am looking on how much work we need to add this control to s4.
Comment 1 Simo Sorce 2010-01-30 00:07:04 UTC 
I pushed a patch in s4 that implements the control and with that the samba join works. Not sure if we want to consider this bug fixed or if we want to still check the control is available before using it. That would be the right(TM) thing to do, but I know it would be a lot of work to make the work around if the control is not available, so I'll gladly accept opinions.
Comment 2 Volker Lendecke 2010-02-07 10:33:42 UTC 
Marking this as an enhancement. I doubt that there will be AD implementations that don't support the full set of controls.

Volker
Comment 3 Karolin Seeger 2010-03-08 04:48:57 UTC 
Raising component.