ldap filter gone and sambadomainnname not checked

simo idra at samba.org
Wed Mar 8 15:00:35 GMT 2006

On Wed, 2006-03-08 at 11:55 +0100, Volker Lendecke wrote:
> On Wed, Mar 08, 2006 at 09:50:32AM +0100, Pierre Filippone wrote:
> > Again, thank you for your suggestions and I will definitely use one of 
> > them, but this does not change my opinion that an application, which uses 
> > LDAP should have customizable filters. I know, it's simple to make 
> Damn, I must admit that this can be a useful feature. :-)
> To be honest, there have been places where I could have made
> use of it as well. I've always found workarounds, which
> turned out to be cleaner in many ways, but Samba3 is so full
> of nice little gems (others might call them hacks...) that
> this one does not hurt.
> The attached (rather untested) patch revives ldap filter
> under a different name and hooks in much deeper, into every
> single search. It &'s the 'ldap restrict filter' to the
> searches.
> I don't yet check this in, I'd like to hear a word from
> Jerry or Jeremy. And of course testing results from you :-)

Volker have you ever seen how postfix works wrt ldap ?
It lets you define your own queries completely.

I think this filter is just the same as before, we do queries for many
different things, like the domain object and I do  not think a single
immutable filter for all queries is a great thing.

I may take time for a little analysis of our queries and see if we can
find out a reduced set of queries that perhaps combined would fulfill
all our requirements and propose a set of options to be able to
user-specify the all in smb.conf

Only, I am not sure we want to follow this path.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list