51685 2024-10-10 16:33:22 +0300 diag-domain-client: check_domain_controllers: ldapsearch: unrecognized option -h 2025-07-24 22:23:24 +0300 1 1 4 Development Sisyphus diag-domain-client unstable x86_64 Linux CLOSED FIXED P5 normal --- 1 osmolovskayaaa sin kozyrevid liannnix sheriffkorov sin varaksaaa qa-sisyphus oldest_to_newest 252836 0 osmolovskayaaa 2024-10-10 16:33:22 +0300 Версия пакета: diag-domain-client-0.2.8-alt2 Стенды (обновлены до сизифа): KWorkstation 10.3 x86-64 Workstation 10.2 x86-64 Шаги для воспроизведения: 1. Развернуть Samba домен и ввести клиента в домен 2. На клиенте выполнить: # kinit # diag-domain-client --verbose Ожидаемый результат: успешное прохождение всех тестов Реальный результат: Check domain controllers list: [FAIL], хотя вывод | check_kerberos_and_ldap_srv_records | ------------------------------------------------------------------------------- $ host -t srv _kerberos._udp.samba.testdomain _kerberos._udp.samba.testdomain has SRV record 0 100 88 dc.samba.testdomain. _kerberos._udp.samba.testdomain has SRV record 0 100 88 dc2.samba.testdomain. $ host -t srv _ldap._tcp.samba.testdomain _ldap._tcp.samba.testdomain has SRV record 0 100 389 dc.samba.testdomain. _ldap._tcp.samba.testdomain has SRV record 0 100 389 dc2.samba.testdomain. успешный 269273 1 varaksaaa 2025-07-16 16:17:48 +0300 Ошибка актуальна для p11 и sisyphus. [p11] diag-domain-client-0.3-alt2.noarch samba-4.20.8-alt2.x86_64 [sisyphus] diag-domain-client-0.4-alt1.noarch samba-4.21.7-alt1.x86_64 Проваливается не тест > check_kerberos_and_ldap_srv_records а check_domain_controllers: # diag-domain-client check_domain_controllers --verbose > $ host -t srv _ldap._tcp.samba.testdomain | cut -d ' ' -f 8 > dc.samba.testdomain. > > $ host dc.samba.testdomain. | sed 's/^.* //g' > <ipv4> > <ipv6> > > $ kinit -k KWORK$\@SAMBA.TESTDOMAIN > > $ ldapsearch -o nettimeout=30 -Y GSSAPI -N -h dc.samba.testdomain. -b dc=samba,dc=testdomain "(&(ObjectClass=computer)> (objectCategory=Computer)(name=dc))" | grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' ' > ldapsearch: invalid option -- 'h' > ldapsearch: unrecognized option -h > usage: ldapsearch [options] [filter [attributes...]] > ... > > $ kdestroy -A 269321 2 varaksaaa 2025-07-17 13:22:08 +0300 Нужно поменять на -H ldap://<realm>. в тесте. 269324 3 varaksaaa 2025-07-17 13:26:42 +0300 Опечатка, `-H ldap://dc.<realm>.` в данном случае, т. е. `-H ldap://dc.samba.testdomain.`: > ldapsearch -o nettimeout=30 -Y GSSAPI -N -H ldap://dc.samba.testdomain. -b dc=samba,dc=testdomain "(&(ObjectClass=computer)> (objectCategory=Computer)(name=dc))" | grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' ' Но в таком случае появляется другая ошибка: > SASL/GSSAPI authentication started > SASL username: Administrator@SAMBA.TESTDOMAIN > SASL SSF: 256 > SASL data security layer installed. > ldap_search_ext: Bad search filter (-7) 269812 4 repository-robot 2025-07-24 22:23:24 +0300 diag-domain-client-0.5-alt1 -> sisyphus: Thu Jul 24 2025 Andrey Limachko <liannnix@altlinux> 0.5-alt1 - fix: shell script sourcing with shellcheck directives - fix: remove unused message helper functions - fix: refactor init_vars function for better variable initialization - feat: refactor message formatting - fix: update shell script includes to use full paths - fix: verbose logging in __log function - fix: shell quoting in _command return value - fix: update __not_root_skip to use simpler message format - fix: only run kdestroy as root in _check_domain_controller - fix: use ldapsearch -H option (Closes: #51685) - fix: resolve shellcheck warnings - fix: format script with shfmt