Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4823

Names of domains from a trusted forest should be compared case-insentive

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • Low
    • 1
    • rhel-idm-ipa
    • ssg_idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • IPA: RHELs for 10.2 and 9.8
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      Description of problem:
      If the AD forest root has a mix case name the this is preserved for the trust object. It looks like netr_DsRGetForestTrustInformation returns this name in all lower case, which is ok since DNS names are case-insensitive.

      Unfortunately there is a case-sensitive comparison in fetch_domains():

      for t in domains.entries:
      if t.type == lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
      tname = unicode(t.forest_trust_data.dns_domain_name.string)
      if tname == trustdomain: <<<<<<<<<<<<<<<<<<<<<<<<<<
      continue
      result['domains'][tname] =

      { 'cn': tname, 'ipantflatname': unicode( t.forest_trust_data.netbios_domain_name.string), 'ipanttrusteddomainsid': unicode( t.forest_trust_data.domain_sid) }

      elif t.type == lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
      tname = unicode(t.forest_trust_data.string)
      if tname == trustdomain:

      and as a result the forest root is added a second time as forest member which casuse all kind of unexpected behavior.

              frenaud@redhat.com Florence Renaud
              sbose@redhat.com Sumit Bose
              Florence Renaud Florence Renaud
              Anuja More Anuja More
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: