Fix bug 6157

This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.

diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 353e01aba6447adfbd227c5ee36eb3be05563134..3ac770a548b462d376f7f9216812e676382b0ef2 100644 (file)
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -211,6 +211,9 @@ const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver );
 char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
                                       const char *attribute,
                                       TALLOC_CTX *mem_ctx);
+char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+                                        const char *attribute,
+                                        TALLOC_CTX *mem_ctx);
 void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result);
 void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod);
 char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 63629265f1994ee5f717de8bc2874c5fb769ac9d..4360d3ab578008860d61d4bba291bc4047af95ea 100644 (file)
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -333,6 +333,62 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
        return result;
 }
 
+ char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+                                         const char *attribute,
+                                         TALLOC_CTX *mem_ctx)
+{
+       char **values;
+       char *result;
+       size_t converted_size;
+       int i, num_values;
+
+       if (attribute == NULL) {
+               return NULL;
+       }
+
+       values = ldap_get_values(ldap_struct, entry, attribute);
+
+       if (values == NULL) {
+               DEBUG(10, ("attribute %s does not exist\n", attribute));
+               return NULL;
+       }
+
+       if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+               DEBUG(10, ("pull_utf8_talloc failed\n"));
+               ldap_value_free(values);
+               return NULL;
+       }
+
+       num_values = ldap_count_values(values);
+
+       for (i=1; i<num_values; i++) {
+               char *tmp;
+
+               if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
+                                     &converted_size)) {
+                       DEBUG(10, ("pull_utf8_talloc failed\n"));
+                       TALLOC_FREE(result);
+                       ldap_value_free(values);
+                       return NULL;
+               }
+
+               if (StrCaseCmp(tmp, result) < 0) {
+                       TALLOC_FREE(result);
+                       result = tmp;
+               } else {
+                       TALLOC_FREE(tmp);
+               }
+       }
+
+       ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+       DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
+                    attribute, result));
+#endif
+       return result;
+}
+
  static int ldapmsg_destructor(LDAPMessage **result) {
        ldap_msgfree(*result);
        return 0;

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 2d3b91f1849f152cd8001cea063bf110a793dace..a8fdbdae336b888a2beee452d83dab72e421454b 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -560,7 +560,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
                goto fn_exit;
        }
 
-       if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+       if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state),
                                        entry,
                                        "uid",
                                        ctx))) {