From 8eef70242e661d55cdc0fae7f5328c780ec6d60a Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 13 Jul 2015 17:51:01 -0700
Subject: [PATCH] Ticket #48223 - Winsync fails when AD users have multiple
spaces (two)inside the value of the rdn attribute
Description: When the dirsync search returns a remote entry, winsync
search the entry with DN to retrieve the whole attribute value pairs.
The DN used for the search was normalized which replaced multiple white-
spaces with one in the DN. This patch does not used the normalized DN,
but the same DN given by AD.
The DN normalization behaviour was introduced to fix a ticket #529 -
dn normalization must handle multiple space characters in attributes.
Added additional debugging to get the info which entry failed to sync.
https://fedorahosted.org/389/ticket/48223
Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
(cherry picked from commit 8622b69a733a6126414876f11ab627211cb3bd06)
---
ldap/servers/plugins/posix-winsync/posix-group-func.c | 2 +-
ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index 5f841e5..a497f3f 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
}
else {
slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
- "getEntry: error searching for uid: %d\n", rc);
+ "getEntry: error searching for uid %s: %d\n", udn, rc);
}
return NULL;
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index dabc936..ca79021 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -3244,7 +3244,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
const char *searchbase = NULL;
Slapi_Entry *found_entry = NULL;
- searchbase = slapi_sdn_get_dn(remote_dn);
+ searchbase = slapi_sdn_get_udn(remote_dn);
cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
if (cres)
{
@@ -5904,13 +5904,16 @@ retry:
remote_entry = NULL;
} else
{
- slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
+ "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
}
slapi_entry_free(local_entry);
if (rc) {
/* Something bad happened */
- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
- slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
+ "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
}
} else
{
--
1.9.3