Bug 51685

Summary: diag-domain-client: check_domain_controllers: ldapsearch: unrecognized option -h
Product: Sisyphus Reporter: Osmolovskaya Anastasia <osmolovskayaaa>
Component: diag-domain-clientAssignee: Evgeny Sinelnikov <sin>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P5 CC: liannnix, sheriffkorov, sin, varaksaaa
Version: unstable   
Hardware: x86_64   
OS: Linux   

Description Osmolovskaya Anastasia 2024-10-10 16:33:22 MSK 
Версия пакета: diag-domain-client-0.2.8-alt2

Стенды (обновлены до сизифа):
KWorkstation 10.3 x86-64
Workstation 10.2 x86-64

Шаги для воспроизведения:
1. Развернуть Samba домен и ввести клиента в домен
2. На клиенте выполнить: 
# kinit
# diag-domain-client --verbose

Ожидаемый результат: успешное прохождение всех тестов
Реальный результат: Check domain controllers list: [FAIL], хотя вывод

| check_kerberos_and_ldap_srv_records |
-------------------------------------------------------------------------------
$ host -t srv _kerberos._udp.samba.testdomain
_kerberos._udp.samba.testdomain has SRV record 0 100 88 dc.samba.testdomain.
_kerberos._udp.samba.testdomain has SRV record 0 100 88 dc2.samba.testdomain.

$ host -t srv _ldap._tcp.samba.testdomain
_ldap._tcp.samba.testdomain has SRV record 0 100 389 dc.samba.testdomain.
_ldap._tcp.samba.testdomain has SRV record 0 100 389 dc2.samba.testdomain.

успешный
Comment 1 Artem Varaksa 2025-07-16 16:17:48 MSK 
Ошибка актуальна для p11 и sisyphus.

[p11]
diag-domain-client-0.3-alt2.noarch
samba-4.20.8-alt2.x86_64

[sisyphus]
diag-domain-client-0.4-alt1.noarch
samba-4.21.7-alt1.x86_64



Проваливается не тест

> check_kerberos_and_ldap_srv_records

а check_domain_controllers:

# diag-domain-client check_domain_controllers --verbose


> $ host -t srv _ldap._tcp.samba.testdomain | cut -d ' ' -f 8
> dc.samba.testdomain.
>
> $ host dc.samba.testdomain. | sed 's/^.* //g'
> <ipv4>
> <ipv6>
>
> $ kinit -k KWORK$\@SAMBA.TESTDOMAIN
>
> $ ldapsearch -o nettimeout=30 -Y GSSAPI -N -h dc.samba.testdomain. -b dc=samba,dc=testdomain "(&(ObjectClass=computer)> (objectCategory=Computer)(name=dc))" | grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' '
> ldapsearch: invalid option -- 'h'
> ldapsearch: unrecognized option -h
> usage: ldapsearch [options] [filter [attributes...]]
> ...
>
> $ kdestroy -A
Comment 2 Artem Varaksa 2025-07-17 13:22:08 MSK 
Нужно поменять на -H ldap://<realm>. в тесте.
Comment 3 Artem Varaksa 2025-07-17 13:26:42 MSK 
Опечатка, `-H ldap://dc.<realm>.` в данном случае, т. е. `-H ldap://dc.samba.testdomain.`:

> ldapsearch -o nettimeout=30 -Y GSSAPI -N -H ldap://dc.samba.testdomain. -b dc=samba,dc=testdomain "(&(ObjectClass=computer)> (objectCategory=Computer)(name=dc))" | grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' '

Но в таком случае появляется другая ошибка:

> SASL/GSSAPI authentication started
> SASL username: Administrator@SAMBA.TESTDOMAIN
> SASL SSF: 256
> SASL data security layer installed.
> ldap_search_ext: Bad search filter (-7)
Comment 4 Repository Robot 2025-07-24 22:23:24 MSK 
diag-domain-client-0.5-alt1 -> sisyphus:

Thu Jul 24 2025 Andrey Limachko <liannnix@altlinux> 0.5-alt1
- fix: shell script sourcing with shellcheck directives
- fix: remove unused message helper functions
- fix: refactor init_vars function for better variable initialization
- feat: refactor message formatting
- fix: update shell script includes to use full paths
- fix: verbose logging in __log function
- fix: shell quoting in _command return value
- fix: update __not_root_skip to use simpler message format
- fix: only run kdestroy as root in _check_domain_controller
- fix: use ldapsearch -H option (Closes: #51685)
- fix: resolve shellcheck warnings
- fix: format script with shfmt