Handling spaces in DNs

Andrew Bartlett abartlet at samba.org
Fri Oct 26 09:16:39 GMT 2007 

On Thu, 2007-10-25 at 08:35 -0400, simo wrote:
> On Thu, 2007-10-25 at 13:31 +1000, Andrew Bartlett wrote:
> > On Wed, 2007-10-24 at 08:27 -0400, simo wrote:
> > > On Wed, 2007-10-24 at 15:40 +1000, Andrew Bartlett wrote:
> > > > The work done a while back to limit how often we parsed and unparse a DN
> > > > has had an unusual side-effect, that I would like some assistance in
> > > > solving.
> > > > 
> > > > If we add a DN of the form:
> > > > 
> > > > cn=admins ,cn=users,dc=samba,dc=example,dc=org
> > > > 
> > > > Then the DN will remain in the database in that form, including the
> > > > extra space around "admins".
> > > 
> > > This is just a bug, spaces at the end of the RDN components should just
> > > be removed.
> > > 
> > > >   For maximum retention of information,
> > > > while retaining a normalised form, it should be added like:
> > > > 
> > > > CN=admins,CN=users,DC=samba,DC=example,DC=org
> > > > 
> > > > Do we need to add a 'normalised DN' function to LDB, or override the
> > > > current linearized form?  Would doing so negate the speed benefits that
> > > > created this approach in the first place?
> > > 
> > > It depends how we add it and where.
> > > 
> > > > I'm hitting this in the ldap.js test, which now actually tests this
> > > > area.  I've had to comment out the assert for now, see the attached
> > > > patch. 
> > > 
> > > I will try to carve some time to fix this, please remind me if you don't
> > > see anything by the end of the week.
> > 
> > The other thing we need to do is ensure that the DN is formed in the
> > same case as the parents.  Ie, if the parents are:
> > 
> > CN=Users,DC=samba4,DC=abartlet,DC=net
> > 
> > Then we shouldn't allow a DN of
> > CN=Admins,DC=uSeRs,DC=samba4,DC=abartlet,DC=NET
> > 
> > This falls out naturally if your DB doesn't actually include it's
> > parents by name, but otherwise I think we should normalise this. 
> 
> At this point I am seriously considering making sure we always
> canonicalize it before storing it. Unless there is some braindamage core
> MMC application that rely on some case being maintained this is the
> natural way to go.

I really don't want to do that, as it will mean DNs are all UPPER CASE.

I'm currently in the process of writing a module to set the preferred DN
form, based on the parent and a common style. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20071026/7e2f44a0/attachment.bin

More information about the samba-technical mailing list