[PATCH][SAMBA4] Ambiguous Name Resolution module

Andrew Bartlett abartlet at samba.org
Wed Dec 12 21:20:59 GMT 2007


On Wed, 2007-12-12 at 09:28 -0500, simo wrote:
> On Wed, 2007-12-12 at 23:17 +1100, Andrew Bartlett wrote:
> > Attached is a patch to partially implement ambiguous name resolution.
> > Apparently this is a big feature used by Outlook, and inherited from
> > Exchange into AD, but it is also used by the 'find' feature in the
> > Active Directory users and computers plugin.
> > 
> > Comments?
> 
> So this is not subject to a control? Interesting (and depressing)

No, it triggers on searching for the attribute 'anr'.  

> > +/**
> > + * Given the match for an 'ambigious name resolution' query, create a
> > + * parse tree with an 'or' of all the anr attributes in the schema.  
> > + */
> > +
> > +typedef struct ldb_parse_tree *(*ldb_parse_tree_callback_t)(struct
> > ldb_parse_tree *tree, 
> > +                                                          const
> > struct ldb_val *match,
> > +                                                          void
> > *context);
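
Review bot: The doc comment above the ldb_parse_tree_callback_t typedef describes the ANR-specific behaviour (building an 'or' of all the anr attributes), not the generic callback type it is attached to. Move that comment to anr_replace_callback and document the typedef's contract instead: when the parse tree walker invokes it, who owns the returned tree, and what a NULL return means to the caller.
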
> 
> Why do you call this a callback when it is not ?
> As far as I can see it is always called before the request is passed
> down.

It is a callback in a different sense.  It is the callback from the parse
tree walker. 

> > +struct ldb_parse_tree *anr_replace_callback(struct ldb_parse_tree
> > *tree, 
> > +                                           const struct ldb_val
> > *match,
> > +                                           void *context)
> > +{
> > +       struct anr_context *anr_context = talloc_get_type(context,
> > struct anr_context);
> > +       struct ldb_module *module = anr_context->module;
> > +       struct ldb_parse_tree *tmp_tree, *prefix_match;
> > +       enum ldb_parse_op op;
> > +       struct dsdb_attribute *cur;
> > +       const struct dsdb_schema *schema =
> > dsdb_get_schema(module->ldb);
> > +       if (!schema) {
> > +               ldb_asprintf_errstring(module->ldb, "no schema with
> > which to construct anr filter");
> > +               return NULL;
> > +       }
> > +
> > +       anr_context->found_anr = true;
> > +
> > +       if (match->length > 1 && match->data[0] == '=') {
> > +               DATA_BLOB *match2 = talloc(tree, DATA_BLOB);
> > +               *match2 = data_blob_const(match->data+1, match->length
> > - 1);
> > +               if (match2 == NULL){
> > +                       ldb_oom(module->ldb);
> > +                       return NULL;
> > +               }
> > +               match = match2;
> > +               op = LDB_OP_EQUALITY;
> > +       } else {
> > +               op = LDB_OP_SUBSTRING;
> > +       }
> > +       for (cur = schema->attributes; cur; cur = cur->next) {
> > +               if (!(cur->searchFlags & 0x4)) continue;
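
Review bot: In the '=' branch, match2 is dereferenced by "*match2 = data_blob_const(...)" before the "if (match2 == NULL)" check, so a failed talloc() crashes instead of reaching ldb_oom(). Move the NULL check directly after the "talloc(tree, DATA_BLOB)" call. Separately, "cur->searchFlags & 0x4" would read better with a named constant for the flag, and a match consisting only of '=' (length 1) falls through to the substring branch, which deserves a comment saying whether that is intended.
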
> 
> How many attributes have this search flag?

About 9 by default. 

> > +       /* TODO:  Add a callback, and ensure we retry the search with
> > surname and given name if we fail to match */
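
Review bot: The TODO does not say what "fail to match" means here or how the match string would be split into surname and given name for the retry. Expand the comment, or reference documentation for the expected ANR behaviour, so the missing fallback is clear to whoever implements it.
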
> 
> Can you explain this?
> Actually can you explain or point to documentation that explains how ANR
> is supposed to work?

http://support.microsoft.com/kb/243299 gives the best description I've
seen so far.  Other than that, I'll extend ldap.js again to prove it.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the samba-technical mailing list