[PATCH][SAMBA4] Ambiguous Name Resolution module
Andrew Bartlett
abartlet at samba.org
Wed Dec 12 21:20:59 GMT 2007
On Wed, 2007-12-12 at 09:28 -0500, simo wrote:
> On Wed, 2007-12-12 at 23:17 +1100, Andrew Bartlett wrote:
> > Attached is a patch to partially implement ambigious name resolution.
> > Apparenelty this is a big feature used by outlook, and inherited from
> > exchange into AD, but it is also used by the 'find' feature in the
> > Active Directory users and computers plugin.
> >
> > comments?
>
> So this is not subject to a control ? Interesting (and depressing)
No, it triggers on searching for the attribute 'anr'.
> > +/**
> > + * Given the match for an 'ambigious name resolution' query, create a
> > + * parse tree with an 'or' of all the anr attributes in the schema.
> > + */
> > +
> > +typedef struct ldb_parse_tree *(*ldb_parse_tree_callback_t)(struct
> > ldb_parse_tree *tree,
> > + const
> > struct ldb_val *match,
> > + void
> > *context);
>
> Why do you call this a callback when it is not ?
> As far as I can see it is always called before the requested is passed
> down.
It is a callback a different sense. It is the callback from the parse
tree walker.
> > +struct ldb_parse_tree *anr_replace_callback(struct ldb_parse_tree
> > *tree,
> > + const struct ldb_val
> > *match,
> > + void *context)
> > +{
> > + struct anr_context *anr_context = talloc_get_type(context,
> > struct anr_context);
> > + struct ldb_module *module = anr_context->module;
> > + struct ldb_parse_tree *tmp_tree, *prefix_match;
> > + enum ldb_parse_op op;
> > + struct dsdb_attribute *cur;
> > + const struct dsdb_schema *schema =
> > dsdb_get_schema(module->ldb);
> > + if (!schema) {
> > + ldb_asprintf_errstring(module->ldb, "no schema with
> > which to construct anr filter");
> > + return NULL;
> > + }
> > +
> > + anr_context->found_anr = true;
> > +
> > + if (match->length > 1 && match->data[0] == '=') {
> > + DATA_BLOB *match2 = talloc(tree, DATA_BLOB);
> > + *match2 = data_blob_const(match->data+1, match->length
> > - 1);
> > + if (match2 == NULL){
> > + ldb_oom(module->ldb);
> > + return NULL;
> > + }
> > + match = match2;
> > + op = LDB_OP_EQUALITY;
> > + } else {
> > + op = LDB_OP_SUBSTRING;
> > + }
> > + for (cur = schema->attributes; cur; cur = cur->next) {
> > + if (!(cur->searchFlags & 0x4)) continue;
>
> How many attributes do have this search flag ?
About 9 by default.
> > + /* TODO: Add a callback, and ensure we retry the search with
> > surname and given name if we fail to match */
>
> Can you explain this?
> Actually can you ex-plain or point to documentation that explain how ANR
> is supposed to work ?
http://support.microsoft.com/kb/243299 gives the best description I've
seen so far. Other than that, I'll extend ldap.js again to prove it.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20071213/d1bc2c12/attachment.bin
More information about the samba-technical
mailing list