[PATCH] add "net ads groupmember" functionality

Henrik Nordstrom hno at squid-cache.org
Wed May 12 19:43:44 GMT 2004


On Wed, 12 May 2004, David Wojtowicz wrote:

> Is it sufficient to accommodate a backslash-escaped "," which is how ADS
> seems to encode a "," in the name, or is there another preferred method of
> exploding dn's as it is just a string? The only other way I could think of
> would be to lookup the dn in the directory and ask for its cn, but that
> seems expensive.

Backslash-escaping should work as this is how LDAP handles "reserved
characters". The full ruleset on escaping of DN attribute values can be
found in RFC 2253 section 2.4, and how to parse a DN back into its
decomposed form is described in section 2.5.  Reminds me that I have a
couple of other LDAP programs which need to have this corrected.

Extracting the cn won't work other than for presentation purposes as this
is not guaranteed to be unique in the tree or even subtree.

Regards
Henrik
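
Added example, not part of the original message and not Samba's code: a sketch of the escape-aware DN split discussed above, which breaks a DN only at a "," that is neither backslash-escaped nor inside a quoted value. The function name `dn_split`, the `RDN_MAX` buffer size and the sample DN are assumptions made for this illustration; ";" separators are not handled.

```c
#include <stdio.h>
#include <string.h>

#define RDN_MAX 128   /* assumed per-RDN buffer size for this example */

/* Split dn at each ',' that is neither backslash-escaped nor inside quotes.
 * Escape pairs are copied through intact, so every RDN stays a valid DN part.
 * Returns the number of RDNs, or -1 on malformed input or overflow. */
int dn_split(const char *dn, char rdns[][RDN_MAX], int max_rdns)
{
    int n = 0, quoted = 0;
    size_t len = 0;

    if (*dn == '\0')
        return 0;
    for (const char *p = dn;; p++) {
        if (n >= max_rdns || len + 2 >= RDN_MAX)
            return -1;                  /* too many RDNs or RDN too long */
        if (*p == '\\') {
            if (p[1] == '\0')
                return -1;              /* dangling backslash */
            rdns[n][len++] = *p++;      /* keep "\," or "\2C" together */
            rdns[n][len++] = *p;
        } else if ((*p == ',' && !quoted) || *p == '\0') {
            if (quoted || len == 0)
                return -1;              /* open quote or empty RDN */
            rdns[n++][len] = '\0';
            len = 0;
            if (*p == '\0')
                return n;
            while (p[1] == ' ')
                p++;                    /* optional space after separator */
        } else {
            if (*p == '"')
                quoted = !quoted;
            rdns[n][len++] = *p;
        }
    }
}

int main(void)
{
    /* Constructed sample DN, not taken from a real directory. */
    const char *dn = "CN=Smith\\, John,OU=Staff,DC=example,DC=com";
    char rdns[8][RDN_MAX];
    int n = dn_split(dn, rdns, 8);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i, rdns[i]);
    return n == 4 ? 0 : 1;
}
```

A plain split on "," would turn the first RDN of the sample into two pieces; here it stays as one component with its escape preserved.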


