7193 – Client crash with timeout when samba search groupmappings

Bug 7193 - Client crash with timeout when samba search groupmappings

Summary: Client crash with timeout when samba search groupmappings

Status:	RESOLVED DUPLICATE of bug 7192

Alias:	None

Product:	Samba 3.4
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.4.5
Hardware:	All Linux

Importance:	P3 critical
Target Milestone:	---
Assignee:	Guenther Deschner
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-03-02 00:39 UTC by Kardash Pavel
Modified:	2010-03-02 23:19 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kardash Pavel 2010-03-02 00:39:38 UTC

I'm found problem in version 3.4.4 , 3.4.5 and in 3.4.6
Our organization is big (more then 10000 users) and we using samba as PDC. After updating from 3.0.28a to 3.4.5 PDC working was broken - clients can't authorize - they exiting by timeout.
I'm fount that older samba versions search sambaGroupMapping with base dn defined by lb_ldap_group_suffix(), but 3.4.4 , 3.4.5 and 3.4.6 (may be other too) search sambaGroupMapping with base dn defined by lb_ldap_suffix() - there is so many ldap entryes (we using ldap to store some stuff such us mail books, ftp asterisk radius vpn accounts and many other) in ldap and search with base dn lb_ldap_suffix() take lot of time, but samba group mappings stored only in lb_ldap_group_suffix()

I'm create small patch for 3.4.5:
diff -rupN ./samba-3.4.5/source3/passdb/pdb_ldap.c ./samba-3.4.5-Slipeer/source3/passdb/pdb_ldap.c
--- ./samba-3.4.5/source3/passdb/pdb_ldap.c	2010-03-02 05:57:26.000000000 +0300
+++ ./samba-3.4.5-Slipeer/source3/passdb/pdb_ldap.c	2010-02-15 14:42:59.000000000 +0300
@@ -3739,8 +3739,8 @@ static NTSTATUS ldapsam_alias_membership
 	if (filter == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
+	rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
 			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
 
	if (rc != LDAP_SUCCESS)

And this is patch for 3.4.6:
diff -rupN ./samba-3.4.6/source3/passdb/pdb_ldap.c ./samba-3.4.6-Slipeer/source3/passdb/pdb_ldap.c
--- ./samba-3.4.6/source3/passdb/pdb_ldap.c	2010-03-02 06:32:10.000000000 +0300
+++ ./samba-3.4.6-Slipeer/source3/passdb/pdb_ldap.c	2010-03-02 06:20:22.000000000 +0300
@@ -3836,7 +3836,7 @@ static NTSTATUS ldapsam_alias_membership
 		result = ldap_state->search_cache.result;
 		ldap_state->search_cache.result = NULL;
 	} else {
-		rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
+		rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
 				    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
 		if (rc != LDAP_SUCCESS) {
 			return NT_STATUS_UNSUCCESSFUL;

Please fix it. Thanks.

P.S. Excuse my English, it isn't my primary language...

Comment 1 Kardash Pavel 2010-03-02 23:19:47 UTC


*** This bug has been marked as a duplicate of bug 7192 ***