UTF-8 support and other quirks in the LDAP backend (in 2.2.4).

Andrew Bartlett abartlet at samba.org
Tue Jun 18 17:37:02 GMT 2002

"Shahms E. King" wrote:
> > One problem we uncovered is that the backend needs to convert all strings
> > stored in LDAP to/from UTF-8. This mainly affects users real names which
> > look quite borked if they contain non 7bit ASCII chars. Some LDAP servers
> > will let you use any charset but OpenLDAP likes to enforce UTF-8 (also the
> > LDAPv3 standard mandates it).
> Well, that's what I get for living in the US, i18n bugs don't tend to
> bite me in the butt.

Yes, we have a patch in the works to do this for the ADS LDAP code, and
once that is in I'll look at how to merge it for pdb_ldap.

> > Binding to the LDAP server with v3 of the protocol would be nice, since v2
> > is deprecated in OpenLDAP v2.1 (OK, so v2.1 isn't ready for prime time
> > yet, but it's still nice to get it done).
> We do bind in v3 if it's supported, otherwise we fall back to v2 (or at
> least, we used to, but I'm pretty sure it hasn't changed.)
> > Sane defaults need to be added for optional attributes, for example
> > pwdMustChange ought to be never if it's not present in the users
> > record.
> This sounds suspiciously like the (more serious) rid issues that
> happened a while ago, but I don't think it should be something that is
> too difficult to fix; then again, I haven't looked at pdb_ldap.c in a
> while.

This is fixed in HEAD, and has been for a fair while.  Attributes not
present revert to defaults, and are not resaved.

> > My question is if anyone is actively working on the LDAP backend and if
> > the above problems will be fixed soon. Else I will start working on it
> > myself and submit some patches.
> I don't know about the other contributors, but I personally am no longer
> actively working on it.  I do, however, maintain an active interest in
> it, and if I'm mistaken about binding with version 3, that is something
> I will address.  I am, however, woefully lacking knowledge about
> character set conversions at the moment, so if you would care to take
> care of those issues I (and the rest of the non-English speaking, LDAP
> and Samba using world) would be grateful.

I maintain pdb_ldap in HEAD, as I use it at my site.  

(It was a the subject of a mildly hostile takeover earlier this year,
along with the rest of the passdb subsystem ;-)

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list