Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 232377 - PAM passthru ENTRY method not working
Summary: PAM passthru ENTRY method not working
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Server - Plugins
Version: 1.0.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: FDS1.1.0
TreeView+ depends on / blocked
 
Reported: 2007-03-15 02:24 UTC by Rich Megginson
Modified: 2015-12-07 16:55 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 16:55:19 UTC


Attachments (Terms of Use)
diffs (deleted)
2007-03-15 16:40 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (deleted)
2007-03-15 18:22 UTC, Rich Megginson
no flags Details

Description Rich Megginson 2007-03-15 02:24:56 UTC
The PAM passthru ENTRY method does not work.

Comment 1 Rich Megginson 2007-03-15 16:40:39 UTC
Created attachment 150138 [details]
diffs

Comment 2 Noriko Hosoi 2007-03-15 18:21:46 UTC
Looks good to me.

Comment 3 Rich Megginson 2007-03-15 18:22:57 UTC
Created attachment 150148 [details]
cvs commit log

Reviewed by: prowley (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the
bind DN, it must have a component ID (aka plugin identity).  The code was
already there to get/set it, but it was never initialized in the init function.

2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will
erase the knowledge that the Slapi_DN was allocated with malloc and it will not
free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g.
ou=people,dc=example,dc=com) instead of a suffix for the list of
included/excluded suffixes.  The error message will not print a list of valid
suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping
tree code that the backend is started during startup.  This works fine under
normal conditions because most all of the code in mapping_tree.c will lookup
the backend if the mtn_be pointer in the mapping tree node is NULL.  However,
slapi_be_exist and slapi_be_select do not do this.  The proper solution is to
call slapi_mtn_be_started() at database startup time.  This is the same thing
that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no

Comment 6 Amita Sharma 2011-06-20 06:54:58 UTC
PAM passthrough startup Tests  PASS       : 100% (13/13)
PAM passthrough run Tests  PASS       : 100% (9/9)
 PAM passthrough cleanup Tests  PASS       : 100% (5/5)

hence marking Verified -sanity only.


Note You need to log in before you can comment on or make changes to this bug.