Bug#619889: heimdal-kdc: KDC does not find samba accounts in LDAP backend due to wrong search filter

Mon, 28 Mar 2011 02:00:19 -0700 

Package: heimdal-kdc
Version: 1.4.0~git20100726.dfsg.1-1+b1
Severity: normal
Tags: patch

Hello,

current heimkdal-kdc in Debian 6 (1.4.0~git20100726.dfsg.1-1+b1) is a
pre-release snapshot (1.3.99) of heimdal 1.4. When using an LDAP backend that
contains samba accounts, they are not recognized as principals due to a wrong
search filter. This has been fixed in 1.4 release with commit
https://github.com/heimdal/heimdal/commit/901d655ba7d9dd4f912508b89c6e6803ee95b843#lib/hdb
/hdb-ldap.c. As to be expected, heimdal-kdc 1.4.0-4 in testing does not have
this problem and recognises samba accounts. An update of the package in Debian
6 or backport of this fix would be greatly appreaciated.

Thanks,
Micha

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages heimdal-kdc depends on:
ii  debconf [d 1.5.36.1                      Debian configuration management sy
ii  heimdal-cl 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - clients
ii  krb5-confi 2.2                           Configuration files for Kerberos V
ii  libasn1-8- 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - ASN.1 library
ii  libc6      2.11.2-10                     Embedded GNU C Library: Shared lib
ii  libdb4.8   4.8.30-2                      Berkeley v4.8 Database Libraries [
ii  libedit2   2.11-20080614-2               BSD editline and history libraries
ii  libgssapi2 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - GSSAPI support
ii  libhdb9-he 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - kadmin server l
ii  libkadm5sr 1.4.0~git20100726.dfsg.1-1+b1 Libraries for Heimdal Kerberos
ii  libkdc2-he 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - KDC support lib
ii  libkrb5-26 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - libraries
ii  libroken18 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - roken support l
ii  libsl0-hei 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - SL support libr
ii  libssl0.9. 0.9.8o-4                      SSL shared libraries
ii  openbsd-in 0.20080125-6                  The OpenBSD Internet Superserver

Versions of packages heimdal-kdc recommends:
ii  logrotate                     3.7.8-6    Log rotation utility

Versions of packages heimdal-kdc suggests:
pn  heimdal-docs                  <none>     (no description available)
-- 
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, 
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196 


--- heimdal-1.3.3/lib/hdb/hdb-ldap.c    2010-05-26 23:53:13.000000000 +0200
+++ heimdal-1.4/lib/hdb/hdb-ldap.c      2010-09-13 09:23:34.000000000 +0200
@@ -886,7 +886,7 @@
        ldap_msgfree(*msg);
        *msg = NULL;
        
-       ret = escape_value(context, princname, &quote);
+       ret = escape_value(context, userid, &quote);
        if (ret)
            goto out;

Reply via email to