Possible bug in cross platform code

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Geoffrey McRae <geoff [at] spacevs.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org, geoff [at] spacevs.com
Subject: Possible bug in cross platform code
Date: Thu, 11 Jun 2015 19:51:59 +1000

Hi All,

I have spent the better part of a day trying to get nscd to work on aRaspberri pi2, and I believe I have found the cause is due to a bug inthe code that passes the objectSid to LDAP. Here is my config which isworking perfectly fine on my x86_64 machine.


# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://192.168.50.200/

# The search base that will be used for all queries.
base dc=home,dc=local

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
binddn REMOVED
bindpw REMOVED
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub

referrals            no
nss_min_uid            1000
pam_authz_search (!(userAccountControl:1.2.840.113556.1.4.803:=2))

#filter passwd(&(objectClass=user)(objectClass=person)(!(objectClass=computer))(memberOf=CN=DomainAdmins,CN=Users,DC=home,DC=local)(!(sAMAccountName=Administrator)))filter passwd(&(objectClass=user)(objectClass=person)(!(objectClass=computer)))

map passwd uid            sAMAccountName
map passwd uidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637
map passwd gidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637
map passwd homeDirectory "${unixHomeDirectory:-/home/$sAMAccountName}"
map passwd loginShell        "${loginShell:-/bin/bash}"
map passwd gecos        displayName

#filter shadow(&(objectClass=user)(objectClass=person)(!(objectClass=computer))(memberOf=CN=DomainAdmins,CN=Users,DC=home,DC=home,DC=local)(!(sAMAccountName=Administrator)))filter shadow(&(objectClass=user)(objectClass=person)(!(objectClass=computer)))

map shadow uid            sAMAccountName
map shadow shadowLastChange    pwdLastSet

filter group (|(objectClass=group)(objectClass=person))

#filter group(|(objectClass=group)(&(objectClass=person)(memberOf=CN=DomainAdmins,CN=Users,DC=home,DC=local)(!(sAMAccountName=Administrator))))

map group cn            sAMAccountName
map group gidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637

When I run nscd with -dd and compare the output between the two machinesI see one major difference, on the desktop put_simple_filter for theobjectSid is:

put_simple_filter:"objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\56\f3\6d\5f\cf\bd\d3\99\ad\18\0f\50\53\04\00\00"


On the RPi it is:

put_simple_filter:"objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\56\f3\6d\5f\ff\ff\ff\7f\ad\18\0f\50\53\04\00\00"

Note the four bytes that are wrong, this looks like an endian bugbecause 7fffffff is max int32. Any help would be much appreciated.


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Possible bug in cross platform code, Geoffrey McRae

Re: Possible bug in cross platform code, Geoffrey McRae
- Re: Possible bug in cross platform code, Geoffrey McRae
  - Re: Possible bug in cross platform code, Arthur de Jong

Prev by Date: Re: misleading or incomplete error message when using starttls and certificate is expired
Next by Date: Re: Possible bug in cross platform code
Previous by thread: Re: misleading or incomplete error message when using starttls and certificate is expired
Next by thread: Re: Possible bug in cross platform code