[PATCH] Samba 3 winbindd group queries using bitwise matching
rule
Jeremy Allison
jra at samba.org
Fri Sep 23 22:28:59 GMT 2005
On Fri, Sep 23, 2005 at 06:02:43PM +0200, Guenther Deschner wrote:
> Hi,
>
> since we know how to do LDAP queries with the bitwise matching rule for a
> long time, why don't we use it?
>
> It makes a lot of sense in winbindd's group queries, making them much more
> accurate. An example: when winbindd is just interested in global and
> universal groups (from a trusted domain) it's just pointless to dig
> through hundreds of builtin and domain local groups, instead it's better
> to not even shovel them over the wire and exclude them from the search
> directly.
>
> Successfully tested latest ADS LDAP servers (w2k3 sp1 and w2k sp4 + all
> fixes).
>
> Amazingly even the documented example search-strings from Microsoft fail
> to succeed with w2k3 sp0 and w2k4 sp4 (without additional fixes) (verified
> with two diferrent LDAP APIs).
This looks really good - can you put it in HEAD please ?
Thanks,
Jeremy.
More information about the samba-technical
mailing list