LDAP receive only needed attributes on search
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Feb 8 03:25:04 GMT 2002
I looked at the ldap_search_s function in pdb_ldap.c:
I think it would be better to receive only the used attributes
because if the user is not only a sambaAccount and posixAccount.
There are maybe attributes like jpegPhoto, userCertificate, ...
and that would be much useless traffic on the network.
metze
----------------------------------------------------------------------------------------------------------------------------------------------
static int ldap_search_one_user (LDAP * ldap_struct, const char *filter,
LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
char *attr[]= { "uid", "pwdLastSet", "logonTime", "logoffTime",
"kickoffTime",
"pwdCanChange", "pwdMustChange", "cn",
"displayName", "homeDrive",
"smbHome", "scriptPath", "profilePath",
"description", "userWorkstations",
"rid", "primaryGroupID",
NULL };
DEBUG(2, ("ldap_search_one_user: searching for:[%s]\n", filter));
rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter,
attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldap_search_one_user: Problem during the LDAP
search: %s\n",
ldap_err2string (rc)));
DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n",
lp_ldap_suffix(),
filter));
}
return rc;
}
...
BOOL pdb_setsampwent(BOOL update)
{
int rc;
pstring filter;
char *attr[]= { "uid", "pwdLastSet", "logonTime", "logoffTime",
"kickoffTime",
"pwdCanChange", "pwdMustChange", "cn",
"displayName", "homeDrive",
"smbHome", "scriptPath", "profilePath",
"description", "userWorkstations",
"rid", "primaryGroupID",
NULL };
if (!ldap_open_connection(&global_ldap_ent.ldap_struct))
{
return False;
}
if (!ldap_connect_system(global_ldap_ent.ldap_struct))
{
ldap_unbind(global_ldap_ent.ldap_struct);
return False;
}
pstrcpy(filter, lp_ldap_filter());
all_string_sub(filter, "%u", "*", sizeof(pstring));
rc = ldap_search_s(global_ldap_ent.ldap_struct, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attr, 0,
&global_ldap_ent.result);
if (rc != LDAP_SUCCESS)
{
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
ldap_msgfree(global_ldap_ent.result);
ldap_unbind(global_ldap_ent.ldap_struct);
global_ldap_ent.ldap_struct = NULL;
global_ldap_ent.result = NULL;
return False;
}
DEBUG(2, ("pdb_setsampwent: %d entries in the base!\n",
ldap_count_entries(global_ldap_ent.ldap_struct,
global_ldap_ent.result)));
global_ldap_ent.entry = ldap_first_entry(global_ldap_ent.ldap_struct,
global_ldap_ent.result);
return True;
}
-------------------------------------------------------------------------------------------------------------------
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
More information about the samba-technical
mailing list