preliminary account separation pseudo-patch

Shahms E. King shahms at shahms.com
Tue Jan 15 14:50:09 GMT 2002


Well, I hacked something up that gives an idea of one way of separating
out the account information (this patch is against HEAD, but is not
anywhere close to complete, and is basically just a function for determining
the likely search base from a search filter).
Things I don't like about this patch: a lot.
Things I do like: it would theoretically work for most situations.

This doesn't handle the fact that it would only conceivably work if
'ldap machine suffix' and 'ldap user suffix' are branches of the 'ldap
suffix' (and that's the only reasonable way I see to do it, otherwise
we can run into a number of situations where we have to search both
machine and user trees, which would be non-optimal, but possible).

Well, now that I've thought about this a little bit more (namely in
typing this email), the same could be accomplished through actually
searching both trees; however, that's just icky.  Then, the only time the
"right" base would even need to be known is at insert time, when we do
actually know the account type . . . hmm. Thoughts?

--shahms


--- pdb_ldap.c.orig	Tue Jan 15 14:07:48 2002
+++ pdb_ldap.c	Tue Jan 15 14:24:26 2002
@@ -173,21 +173,60 @@
 }
 
 /*******************************************************************
+ returns the appropriate ldap suffix for the search filter
+ some heuristics for guessing whether the account is user,
+ machine or indeterminate
+*******************************************************************/
+static char * get_full_suffix(const char *filter)
+{
+	char *tmp;
+	char *name;
+	const char *default_filter = lp_ldap_filter();
+	int start, end, size;
+
+	tmp = strstr(default_filter,"%u");
+	if (tmp == NULL)
+	{
+		DEBUG(0,("get_full_suffix: LDAP Filter Error, no %%u!\n"));
+		return lp_ldap_suffix();
+	}
+	start = tmp - default_filter;
+	tmp = strstr(filter, tmp + 2); /* size of %u in bytes */
+	if ( tmp == NULL )
+	{
+		DEBUG(2,("get_full_suffix: LDAP filter not user name search\n"));
+		return lp_ldap_suffix();
+	}
+	end = tmp - filter;
+
+	size = sizeof(char) * ( end - start );
+	name = (char *)malloc(size + 1);
+	strncpy(name, filter + start, size);
+	*(name + size + 1) = '\0';
+	if ( strchr(name,'$') )
+		return lp_ldap_machine_suffix();
+	else
+		return lp_ldap_user_suffix();
+
+}
+
+/*******************************************************************
  run the search by name.
 ******************************************************************/
 static int ldap_search_one_user (LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
 {
 	int scope = LDAP_SCOPE_SUBTREE;
 	int rc;
+	char *suffix = get_full_suffix(filter);
 
 	DEBUG(2, ("ldap_search_one_user: searching for:[%s]\n", filter));
 
-	rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result);
+	rc = ldap_search_s(ldap_struct, suffix, scope, filter, NULL, 0, result);
 
 	if (rc != LDAP_SUCCESS)	{
 		DEBUG(0,("ldap_search_one_user: Problem during the LDAP search: %s\n", 
 			ldap_err2string (rc)));
-		DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n", lp_ldap_suffix(), 
+		DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n", suffix, 
 			filter));
 	}
 	
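
Review bot: In get_full_suffix(), `*(name + size + 1) = '\0';` writes one byte past the malloc(size + 1) allocation and leaves name[size] unset, so the following strchr(name,'$') scans a buffer that strncpy did not terminate; the terminator should go at name[size]. Also in the same function: the malloc result is not checked before strncpy, and name is never freed on either return path, so every search leaks it. size is computed as end - start with no check that end > start; if the text following %u in the default filter is empty (strstr then returns filter itself, end = 0) or occurs in filter before offset start, size is zero or negative and is passed to malloc and strncpy as a length. Suggest validating that filter actually begins with the first start bytes of default_filter, rejecting end <= start by falling back to lp_ldap_suffix(), and testing for '$' directly in filter[start..end) without copying, which removes the allocation altogether.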




