Blob Blame Raw
From 8eef70242e661d55cdc0fae7f5328c780ec6d60a Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 13 Jul 2015 17:51:01 -0700
Subject: [PATCH] Ticket #48223 - Winsync fails when AD users have multiple
 spaces (two)inside the value of the rdn attribute

Description: When the dirsync search returns a remote entry, winsync
search the entry with DN to retrieve the whole attribute value pairs.
The DN used for the search was normalized which replaced multiple white-
spaces with one in the DN.  This patch does not used the normalized DN,
but the same DN given by AD.

The DN normalization behaviour was introduced to fix a ticket #529 -
dn normalization must handle multiple space characters in attributes.

Added additional debugging to get the info which entry failed to sync.

https://fedorahosted.org/389/ticket/48223

Reviewed by rmeggins@redhat.com (Thank you, Rich!!)

(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
(cherry picked from commit 8622b69a733a6126414876f11ab627211cb3bd06)
---
 ldap/servers/plugins/posix-winsync/posix-group-func.c    |  2 +-
 ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index 5f841e5..a497f3f 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
     }
     else {
         slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
-                        "getEntry: error searching for uid: %d\n", rc);
+                        "getEntry: error searching for uid %s: %d\n", udn, rc);
     }
 
     return NULL;
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index dabc936..ca79021 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -3244,7 +3244,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
 	const char *searchbase = NULL;
 	Slapi_Entry *found_entry = NULL;
 
-	searchbase = slapi_sdn_get_dn(remote_dn);
+	searchbase = slapi_sdn_get_udn(remote_dn);
 	cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
 	if (cres)
 	{
@@ -5904,13 +5904,16 @@ retry:
 						remote_entry = NULL;
 					} else 
 					{
-						slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
+						slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
+						                "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
+						                agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
 					}
 					slapi_entry_free(local_entry);
 					if (rc) {
 						/* Something bad happened */
-						slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
-							slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
+						slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
+						                "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
+						                agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
 					}
 				} else 
 				{
-- 
1.9.3