[PATCH] Add special users to Samba4 (bugzilla #4918)
Andrew Bartlett
abartlet at samba.org
Fri Aug 24 11:32:30 GMT 2007
On Fri, 2007-08-24 at 06:06 -0500, Andrew Kroeger wrote:
> Andrew Bartlett wrote:
> >> This last patch is the one that I anticipate the most feedback on.
> >> Given the special handling of the foreignSecurityPrincipal objectClass
> >> that appears to be special-cased for CN=ForeignSecurityPrincipals, I
> >> needed to add another special case for CN=WellKnows Security Principals.
> >> There may be a more general way to handle this, but I couldn't find any
> >> existing code that looked like it would help.(ldb_dn_canonical_string
> >
> > Could we do this a bit more generically: If no objectSid is present,
> > and the CN can be parsed as a SID, then use that, otherwise just apply
> > the template?
>
> Sounds good to me. I assume:
> - If objectSid is present, go forward with the case I have coded for and
> emit an error if anything goes wrong.
> - If objectSid is not present, and the CN cannot be parsed as an SID,
> emti an error just as the original code does.
>
> When you say "just apply the template", what does applying the template
> actually do? That was part of the original code that I copied into the
> new function I created without understanding what it actually does.
> When should/should not the template be applied?
So, what happens is that we detect certain objectClasses, and we have
found that some things seem do be 'default attributes'. We fill these
in from templates we put aside earlier.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070824/2c4a0ae5/attachment.bin
More information about the samba-technical
mailing list