[PATCH] LDAP suffix behaviour

José Luis Tallón jltallon at adv-solutions.net
Thu Sep 11 16:18:01 GMT 2003


At 16:10 11/09/2003 +1000, Tim Potter wrote:
>According to the manual page, the various ldap suffixes (user, group,
>machine and idmap) take the value of the top level 'ldap suffix'
>parameter if not defined.  In the actual code, the value of the ldap
>suffix is appended to the various subsuffixes.

It seems much more intuitive w.r.t. the parameter's name to keep the current 
behaviour and correct the documentation accordingly.
I assume all lazy typists out there will agree (as well as reducing the 
chances for typos in config files).


>This produces some bizarre swat behaviour as setting the
>value of the ldap suffix changes the value of the subsuffixes
>after you hit Submit and you end up with multiple copies of the
>ldap suffix appended to the subsuffix values.

Then, correct SWAT as well.

>Anyway, this patch fixes things, although it does change current
>behaviour; however, it changes it to what the documentation says.

IMVHO

'ldap suffix' implies "suffix for everything".

'ldap {user,group,machine} suffix' implies "suffix for 
{user,group,machines} subtrees in the DIT"


Then it is obvious that the actual DN to use would be:
{uid=%s,cn=%s,cn=%s},$ldap_*_suffix,$ldap_suffix



>Tim.

Regards,
         J.L. 
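
The two points in this exchange (sub-suffixes composed with the base as `...,$ldap_*_suffix,$ldap_suffix`, and an editor that re-saves the composed value accumulating copies of the base) can be modelled as follows. This is an added example, not code from Samba, SWAT or the patch under discussion; the base DN, the function names and the simple comma split (no escaped commas) are assumptions made for the illustration.

```python
# Added illustration: constructed model, not Samba or SWAT source code.
BASE = "dc=example,dc=org"  # constructed value standing in for 'ldap suffix'

def norm(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas.
    Assumption: RDN values contain no escaped commas."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def effective_suffix(sub, base=BASE):
    """'Append' model: the sub-suffix is followed by the base suffix."""
    return f"{sub},{base}" if sub else base

def naive_save(displayed):
    """Editor that stores exactly what the getter displayed (failure mode)."""
    return displayed

def relative_save(displayed, base=BASE):
    """Editor that strips every trailing copy of the base before storing,
    so saving is idempotent. The stored value is normalised to lower case."""
    parts, tail = norm(displayed).split(","), norm(base).split(",")
    while len(parts) >= len(tail) and parts[-len(tail):] == tail:
        parts = parts[:-len(tail)]
    return ",".join(parts)

def round_trips(stored, save, n):
    """Simulate n load/submit cycles; return the final effective suffix."""
    for _ in range(n):
        stored = save(effective_suffix(stored))
    return effective_suffix(stored)

def user_dn(uid, sub, base=BASE):
    """DN in the shape given in the message: uid=%s,$sub_suffix,$ldap_suffix."""
    return f"uid={uid},{effective_suffix(sub, base)}"

if __name__ == "__main__":
    print(user_dn("alice", "ou=Users"))
    print(round_trips("ou=Users", naive_save, 2))     # base repeated
    print(round_trips("ou=Users", relative_save, 5))  # base appears once
```
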



