[PATCH]Re: ldap machine suffix behavior

Gerald (Jerry) Carter jerry at samba.org
Thu Jun 12 18:38:09 GMT 2003


On Wed, 11 Jun 2003, Steve Langasek wrote:

> The crucial difference seems to be that with the new patch, the 'ldap
> suffix' is only appended if the 'ldap machine suffix' has a trailing
> comma -- indicating that it's not a fully-qualified dn.  So this is not

No.  It is always appended or at least should be.  See 
param/loadparm.c:handle_ldap_sub_suffix().  If 'ldap suffix' has not been 
set then set the string and return.  Otherwise append 
",ldap_ldap_suffix()" string to the new suffix.  Set that string and 
return.

        pstrcpy(suffix, pszParmValue);

        if (! *Globals.szLdapSuffix ) {
                string_set( ptr, suffix );
                return True;
        }
        else {
                if ( *pszParmValue )
                        pstrcat(suffix, ",");
                pstrcat(suffix, Globals.szLdapSuffix);
        }


This means that you can have disparate suffixes by not defining 'ldap
suffix' at all. Which is a better solution.  Thus you can set

        ldap suffix             = dc=plainjoe,dc=org
        ldap idmap suffix       = ou=idmap
        ldap group suffix       = ou=group
        ldap user suffix        = ou=people
        ldap machine suffix     = ou=people

or 

        ldap idmap suffix       = ou=idmap,dc=plainjoe,dc=org
        ldap group suffix       = ou=group,dc=plainjoe,dc=org
        ldap user suffix        = ou=people,dc=plainjoe,dc=org
        ldap machine suffix     = ou=computers,dc=some dn

Granted the second option probably is not quite there yet btw...
I'll clean that up next week.


cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)



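The composition rule described in the message above, as an added stand-alone sketch (not Samba's code and not part of the original post): it shows the effective search base for both smb.conf layouts, and what happens when a fully-qualified sub-suffix is combined with a set 'ldap suffix'. The name compose_suffix() and the reject-on-overflow behaviour are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build the effective suffix from a sub-suffix
 * (e.g. 'ldap machine suffix') and the global 'ldap suffix'.
 * Returns 0 on success, -1 if the result does not fit in out[outlen]
 * (this sketch rejects rather than truncates a DN). */
int compose_suffix(const char *sub, const char *base, char *out, size_t outlen)
{
    size_t sub_len = strlen(sub);
    size_t base_len = strlen(base);
    size_t need;

    if (base_len == 0) {
        /* 'ldap suffix' not set: the sub-suffix is used verbatim. */
        need = sub_len + 1;
        if (need > outlen)
            return -1;
        memcpy(out, sub, need);
        return 0;
    }

    /* 'ldap suffix' set: always appended; comma only after a non-empty sub. */
    need = sub_len + (sub_len ? 1 : 0) + base_len + 1;
    if (need > outlen)
        return -1;
    snprintf(out, outlen, "%s%s%s", sub, sub_len ? "," : "", base);
    return 0;
}

int main(void)
{
    char dn[128];

    /* Layout 1: relative sub-suffix plus global 'ldap suffix'. */
    if (compose_suffix("ou=people", "dc=plainjoe,dc=org", dn, sizeof(dn)) == 0)
        printf("relative + base : %s\n", dn);

    /* Layout 2: full DN in the sub-suffix, 'ldap suffix' left unset. */
    if (compose_suffix("ou=people,dc=plainjoe,dc=org", "", dn, sizeof(dn)) == 0)
        printf("full DN, no base: %s\n", dn);

    /* Mixing the two: the base is appended a second time. */
    if (compose_suffix("ou=people,dc=plainjoe,dc=org", "dc=plainjoe,dc=org",
                       dn, sizeof(dn)) == 0)
        printf("full DN + base  : %s\n", dn);
    return 0;
}
```

The third call is the case to check for when auditing a configuration: a full DN in a sub-suffix together with a set 'ldap suffix' yields a search base with the base DN repeated.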



