[PATCH] LDAP suffix behaviour
José Luis Tallón
jltallon at adv-solutions.net
Thu Sep 11 16:18:01 GMT 2003
At 16:10 11/09/2003 +1000, Tim Potter wrote:
>According to the manual page, the various ldap suffixes (user, group,
>machine and idmap) take the value of the top level 'ldap suffix'
>parameter if not defined. In the actual code, the value of the ldap
>suffix is appended to the various subsuffixes.
It seems much more intuitive w.r.t the parameter's name to keep the current
behaviour and correct documentation accordingly.
I assume all lazy typists out there will agree( as well as reducing the
chances for typos in config files )
>This produces some bizzare swat behaviour as setting the
>value of the ldap suffix changes the value of the subsuffixes
>after you hit Submit and you end up with multiple copies of the
>ldap suffix appended to the subsuffix values.
Then, correct SWAT as well.
>Anyway, this patch fixes things although it does change current
>behaviour however it changes it to what the documentation says.
IMVHO
'ldap suffix' implies "suffix for everything".
'ldap {user,group,machine} suffix' implies "suffix for
{user,group,machines} subtrees in the DIT"
then it is obvious that the actual DN to use would be:
{uid=%s,cn=%s,cn=%s},$ldap_*_suffix,$ldap_suffix
>Tim.
Regards,
J.L.
More information about the samba-technical
mailing list