[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to implement Extended DNs for Samba4?



On Tue, 2008-10-21 at 00:21 -0700, Howard Chu wrote:
> Andrew Bartlett wrote:
> > At the CIFS plugfest it became clear that Samba3 requires that we
> > complete the implementation of 'extended DN' replies in the Samba4 LDAP
> > server.

> We already carry a bunch of Samba-related modules in our contrib branch. I 
> don't see any problem with adding this one. In this case all you need is a 
> module to implement parsing and processing of your magic Extended DN control.

OK.

> Frankly, I can see this being generally useful, if you define the semantics 
> broadly enough. For example, the request control could take a data argument 
> providing:
> 	MagicData ::= SEQUENCE of DerefSpec
> 
> 	DerefSpec ::= SEQUENCE {
> 		DerefAttr	attributedescription,
> 		attributes	attrlist }
> 
> 	attrlist ::= SEQUENCE of attr attributedescription
> 		
> So for each DerefAttr, dereference the name and extract the attributes from 
> the target entry, and return them all in the response control.

I would really, really love to have someone knock up a module like this
for me.  (I'm unlikely to do so successfully).

The only comment I have is that these links would need to cross database
boundaries (like the refint and memberof modules now do).  We should
also possibly have some way to work when pointing at targets outside the
current directory (which we don't support at the moment, but I'm told we
will need to support).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part