[PATCH]Re: ldap machine suffix behavior

Stefan (metze) Metzmacher metze at metzemix.de
Fri Jun 13 05:59:37 GMT 2003


At 13:38 12.06.2003 -0500, Gerald (Jerry) Carter wrote:
>On Wed, 11 Jun 2003, Steve Langasek wrote:
>
> > The crucial difference seems to be that with the new patch, the 'ldap
> > suffix' is only appended if the 'ldap machine suffix' has a trailing
> > comma -- indicating that it's not a fully-qualified dn.  So this is not
>
>no.  It is always appended or at least should be.  See
>param/loadparm.c:handle_ldap_sub_suffix().  If 'ldap suffix' has not been
>set then set the string and return.  Otherwise append
>",ldap_ldap_suffix()" string to the new suffix.  Set that string and
>return.
>
>         pstrcpy(suffix, pszParmValue);
>
>         if (! *Globals.szLdapSuffix ) {
>                 string_set( ptr, suffix );
>                 return True;
>         }
>         else {
>                 if ( *pszParmValue )
>                         pstrcat(suffix, ",");
>                 pstrcat(suffix, Globals.szLdapSuffix);
>         }
>
>
>This means that you can have disparate suffixes by not defining 'ldap
>suffix' at all. Which is a better solution.  Thus you can set
>
>         ldap suffix             = dc=plainjoe,dc=org
>         ldap idmap suffix       = ou=idmap
>         ldap group suffix       = ou=group
>         ldap user suffix        = ou=people
>         ldap machine suffix     = ou=people
>
>or
>
>         ldap idmap suffix       = ou=idmap,dc=plainjoe,dc=org
>         ldap group suffix       = ou=group,dc=plainjoe,dc=org
>         ldap user suffix        = ou=people,dc=plainjoe,dc=org
>         ldap machine suffix     = ou=computers,dc=some dn

An empty 'ldap suffix' is not accepted since all ldap searches are done on 
lp_ldap_suffix().

The other suffixes are used when we add new records to the ldap database.

This is valid in 3.0alpha24:

         ldap suffix = dc=plainjoe,dc=org
         ldap idmap suffix       = ou=idmap,dc=plainjoe,dc=org
         ldap group suffix       = ou=group,dc=plainjoe,dc=org
         ldap user suffix       = ou=people,dc=plainjoe,dc=org
         ldap machine suffix     = ou=computers,dc=some dn

This will end in this (in 3.0.0beta1):

         lp_ldap_suffix() = dc=plainjoe,dc=org
         lp_ldap_idmap_suffix() = ou=idmap,dc=plainjoe,dc=org,dc=plainjoe,dc=org
         lp_ldap_group_suffix() = ou=group,dc=plainjoe,dc=org,dc=plainjoe,dc=org
         lp_ldap_user_suffix() = ou=people,dc=plainjoe,dc=org,dc=plainjoe,dc=org
         lp_ldap_machine_suffix() = ou=computers,dc=some dn,dc=plainjoe,dc=org

metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de> 
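
Added example, not part of the original message and not Samba's own code: a stand-alone model of the append rule quoted above, run over the 3.0alpha24-style values from the message, plus a check that flags a sub-suffix which already ends in 'ldap suffix' and would therefore have the base repeated. The function names build_sub_suffix() and already_qualified() are hypothetical, and the check does a plain case-insensitive string comparison without DN normalisation.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical model of the quoted append rule: with an empty base the value
 * is used as-is; otherwise the result is "<value>,<base>" (no comma when the
 * value is empty). Returns 0 on success, -1 if out is too small. */
int build_sub_suffix(const char *value, const char *base, char *out, size_t outlen)
{
    int n;
    if (*base == '\0')
        n = snprintf(out, outlen, "%s", value);
    else
        n = snprintf(out, outlen, "%s%s%s", value, *value ? "," : "", base);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Migration check (an assumption of this example, not a Samba function):
 * returns 1 if value already ends with base on an RDN boundary, else 0.
 * Plain case-insensitive string compare; no DN normalisation. */
int already_qualified(const char *value, const char *base)
{
    size_t vl = strlen(value), bl = strlen(base);
    if (bl == 0 || vl < bl)
        return 0;
    if (strcasecmp(value + vl - bl, base) != 0)
        return 0;
    return vl == bl || value[vl - bl - 1] == ',';
}

int main(void)
{
    /* Sample values taken from the configurations shown in the message. */
    const char *base = "dc=plainjoe,dc=org";
    const char *subs[] = { "ou=idmap,dc=plainjoe,dc=org",
                           "ou=computers,dc=some dn", "ou=people" };
    char dn[256];
    for (size_t i = 0; i < sizeof subs / sizeof subs[0]; i++) {
        if (build_sub_suffix(subs[i], base, dn, sizeof dn) != 0)
            return 1;
        printf("%-30s -> %s%s\n", subs[i], dn,
               already_qualified(subs[i], base) ? "  [base repeated]" : "");
    }
    return 0;
}
```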