[webmin-devel] Re: webadmin-devel digest, Vol 1 #379 - 9 msgs

[Isaac F. <is...@co...>]

Yeah, this can be dropped.  It should be added as an attribute in the 
module config if it's needed.  It's an optional attribute for the 
sambaAccount object class.   Also, I found another bug here:

in save_user.cgi
line 157:
                 $pass = "{crypt}".$pass if ($pass !~ /^\{crypt\}/);
should be:
                 $pass = "{crypt}".$pass if ($pass !~ /^\{crypt\}/i);

and
line 770:
$user{'pass'} =~ s/^{crypt}//;
should be:
$user{'pass'} =~ s/^{crypt}//i;

Otherwise, if the ldap server or some other process updates the 
userPassword attribute and makes it {Crypt}<cryptedpass> then 
save_user.cgi will make it  {crypt}{Crypt}<cryptedpass>  which breaks 
any authentication attempt.  Just needs to be case-insensitive.

-Isaac


On Feb 11, 2004, at 3:43 PM, 
web...@li... wrote:

> Message: 2
> Subject: Re: [webmin-devel] Bug adding Samba user with LDAP users & 
> groups
> From: Jamie Cameron <jca...@we...>
> To: web...@li...
> Organization:
> Date: 01 Feb 2004 22:58:19 +1100
> Reply-To: web...@li...
>
> Thanks for the information - unless someone on the list suggests
> otherwise, I will drop that attribute in the next release. It was added
> by a user-contributed patch, so I am not too sure myself how necessary
> it really is ..
>
>  - Jamie
>
> On Sun, 2004-02-01 at 12:48, Wil Cooley wrote:
>> I noticed a bug in the Samba attributes in the LDAP Users & Groups
>> module.  The module adds sambaPrimaryGroupSID and presumes that the 
>> RID
>> can be algorithmically generated.  There are several "well known" 
>> groups
>> and corresponding RIDs, such as the "Domain Users" group with RID of
>> 513.  It would be better to ascertain the group SID with an LDAP query
>> if the group already exists; however, considering that the smbldap 
>> tools
>> do not populate this attribute and none of the docs mention that it is
>> required, it would probably be best to simply not add the attribute.
>>
>> Wil
>
>
>