Bug 773 - ldapsam backend truncates RIDs that contain letters
ldapsam backend truncates RIDs that contain letters
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
All Linux
: P3 minor
: none
Assigned To: Samba Bugzilla Account
Depends on:
  Show dependency treegraph
Reported: 2003-11-13 13:39 UTC by Michael D. Jurney
Modified: 2005-11-14 09:28 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Michael D. Jurney 2003-11-13 13:39:01 UTC
Using ldapsam, any RID that contains a letter is truncated at the first letter
occurance and returned with that value.  For example:

dn: gid=accounting,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: example_group
gidNumber: 2771
memberUid: testuser
sambaGroupType: 2
sambaSID: S-1-5-21-S-1-5-21-2022155550-1266666646-777777747--ad3

net groupmap returns this listing with a null RID:
accounting (S-1-5-21-S-1-5-21-2022155550-1266666646-777777747--0) -> accounting

Further, A user with the following:
sambaSID: S-1-5-21-S-1-5-21-2022155550-1266666646-777777747-4b0

shows up with the RID truncated at the first letter:

pdbedit -L -v -u example_username:
Unix username:        example_username
NT username:          example_username
Account Flags:        [UX         ]
User SID:             S-1-5-21-2022155550-1266666646-777777747-4
Primary Group SID:    S-1-5-21-2022155550-1266666646-777777747-513
Comment 1 Andrew Bartlett 2003-11-16 01:57:47 UTC
Indeed, we should fail to parse such a rid and bail out.  It is not a valid format.
Comment 2 Andrew Bartlett 2003-11-16 02:08:53 UTC
Given this only happens on incorrect manual ldap backend manipulation, of groups
only (users do not suffer this bug) this really is minor
Comment 3 Gerald (Jerry) Carter 2003-11-17 08:15:03 UTC
not going to fix this one.  Can't prevent everything admins do
(but shouldn't) outside of Samba.
Comment 4 Gerald (Jerry) Carter 2005-11-14 09:28:45 UTC
database cleanup