On Tue, 2007-08-14 at 17:44 -0500, Wolfe, Allan wrote:
> Good question.
>
> I spent some time testing today. They only test box I could quickly
> test on was a Solaris 8 with patch 108993-36 applied that affects
> autofs, NSS, PAM, ldapclient and associated user utilities (this patch
> is quite old --> current is 108993-67).
>
> The results were quite surprising as I distinctly remember having to
> insert those delimited cn entries for the benefit of Solaris back 3
> years ago when we integrated LDAP into our enterprise. Bottom line, I
> see that a delimited entry is seemingly no longer needed. No matter
> what the test case that was run, the cn as described in the dn prevailed
> by default to appear as the stub. Oddly, when accessing a mount
> directly pathed as an alternate cn, it would mount and appear in that
> form. Here are notes from my testing below:
But you guys confirmed that the % hack is present in OpenSolaris so
perhaps the patch below will provide the behavior we need.
Could someone try this patch out please.
---
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index de8d515..7cb4e58 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -1226,34 +1226,50 @@ static int read_one_map(struct autofs_point *ap,
* value.
*/
count = ldap_count_values_len(bvKey);
- if (count > 2) {
- error(ap->logopt,
- MODPREFIX
- "key %.*s has duplicate entries - ignoring",
- bvKey[0]->bv_len, bvKey[0]->bv_val);
- goto next;
- } else if (count == 2) {
+ if (count > 1) {
unsigned int i;
/* Check for the "/" and "*" and use as "/" if found */
for (i = 0; i < count; i++) {
- /* check for wildcard */
- if (bvKey[i]->bv_len != 1)
- continue;
- if (*bvKey[i]->bv_val != '/' &&
- *bvKey[i]->bv_val != '*')
+ bvKey[i]->bv_val[bvKey[i]->bv_len] = '\0';
+
+ /*
+ * If multiple entries are present they could
+ * be the result of people using the "%" hack so
+ * ignore them.
+ */
+ if (strchr(bvKey[i]->bv_val, '%'))
continue;
- /* always use '/' internally */
- *bvKey[i]->bv_val = '/';
+
+ /* check for wildcard */
+ if (bvKey[i]->bv_len == 1 &&
+ (*bvKey[i]->bv_val == '/' ||
+ *bvKey[i]->bv_val == '*')) {
+ /* always use '/' internally */
+ *bvKey[i]->bv_val = '/';
+ k_val = bvKey[i]->bv_val;
+ k_len = 1;
+ break;
+ }
+
+ /*
+ * We have a result from LDAP so this is a
+ * valid entry. Set the result to the LDAP
+ * key that isn't a wildcard and doesn't have
+ * any "%" hack values present. This should be
+ * the case insensitive match string for the
+ * nis schema, the default value.
+ */
k_val = bvKey[i]->bv_val;
- k_len = 1;
+ k_len = bvKey[i]->bv_len;
+
break;
}
if (!k_val) {
error(ap->logopt,
MODPREFIX
- "key %.*s has duplicate entries -
ignoring",
+ "invalid entry %.*s - ignoring",
bvKey[0]->bv_len, bvKey[0]->bv_val);
goto next;
}
@@ -1509,34 +1525,48 @@ static int lookup_one(struct autofs_point *ap,
* value.
*/
count = ldap_count_values_len(bvKey);
- if (count > 2) {
- error(ap->logopt,
- MODPREFIX
- "key %.*s has duplicate entries - ignoring",
- bvKey[0]->bv_len, bvKey[0]->bv_val);
- goto next;
- } else if (count == 2) {
+ if (count > 1) {
unsigned int i;
/* Check for the "/" and "*" and use as "/" if found */
for (i = 0; i < count; i++) {
- /* check for wildcard */
- if (bvKey[i]->bv_len != 1)
+ bvKey[i]->bv_val[bvKey[i]->bv_len] = '\0';
+
+ /*
+ * If multiple entries are present they could
+ * be the result of people using the "%" hack so
+ * ignore them.
+ */
+ if (strchr(bvKey[i]->bv_val, '%'))
continue;
- if (*bvKey[i]->bv_val != '/' &&
- *bvKey[i]->bv_val != '*')
- continue;
- /* always use '/' internally */
- *bvKey[i]->bv_val = '/';
- k_val = bvKey[i]->bv_val;
- k_len = 1;
+
+ /* check for wildcard */
+ if (bvKey[i]->bv_len == 1 &&
+ (*bvKey[i]->bv_val == '/' ||
+ *bvKey[i]->bv_val == '*')) {
+ /* always use '/' internally */
+ *bvKey[i]->bv_val = '/';
+ k_val = bvKey[i]->bv_val;
+ k_len = 1;
+ break;
+ }
+
+ /*
+ * The key was matched by LDAP so this is a
+ * valid entry. Set the result key to the
+ * lookup key to provide the mixed case
+ * matching provided by the "%" hack.
+ */
+ k_val = qKey;
+ k_len = strlen(qKey);
+
break;
}
if (!k_val) {
error(ap->logopt,
- MODPREFIX "key %.*s has duplicate
entries",
- bvKey[0]->bv_len, bvKey[0]->bv_val);
+ MODPREFIX "no valid key found for %.*s",
+ qKey_len, qKey);
ret = CHE_FAIL;
goto next;
}
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
