On Tue, 2008-10-21 at 00:21 -0700, Howard Chu wrote: > Andrew Bartlett wrote: > > At the CIFS plugfest it became clear that Samba3 requires that we > > complete the implementation of 'extended DN' replies in the Samba4 LDAP > > server. > We already carry a bunch of Samba-related modules in our contrib branch. I > don't see any problem with adding this one. In this case all you need is a > module to implement parsing and processing of your magic Extended DN control. OK. > Frankly, I can see this being generally useful, if you define the semantics > broadly enough. For example, the request control could take a data argument > providing: > MagicData ::= SEQUENCE of DerefSpec > > DerefSpec ::= SEQUENCE { > DerefAttr attributedescription, > attributes attrlist } > > attrlist ::= SEQUENCE of attr attributedescription > > So for each DerefAttr, dereference the name and extract the attributes from > the target entry, and return them all in the response control. I would really, really love to have someone knock up a module like this for me. (I'm unlikely to do so successfully). The only comment I have is that these links would need to cross database boundaries (like the refint and memberof modules now do). We should also possibly have some way to work when pointing at targets outside the current directory (which we don't support at the moment, but I'm told we will need to support). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part