Extending LDB for Extended DNs

Stefan (metze) Metzmacher metze at samba.org
Thu Nov 6 12:26:42 GMT 2008


Andrew Bartlett wrote:
> On Tue, 2008-10-28 at 08:13 +0100, Stefan (metze) Metzmacher wrote:
>> Andrew Bartlett wrote:
>>> Simo,
>>>
>>> Per our discussion on IRC last night, I wanted to clarify with you what
>>> I would like to do to DN support in Samba4, and how I would like to
>>> extend LDB to help with this.
>>>
>>> The problem of extended DNs is partially indicated by:
>>>
>>> http://msdn.microsoft.com/en-us/library/cc200561.aspx
>>>
>>> Firstly, I would like to try and support sending 'extended dns' to
>>> clients, as required by the extended DN control.  
>>>
>>> To do this properly, we need to do better than extended_dn.c does at the
>>> moment - it relies on the fact that if you stuff something into
>>> ldb_dn_new(), then it will appear in the DN - the DN structure does not
>>> contain the parsed DN.
>>>
>>> Secondly, I would like to accept the alternate DN forms 
>>>
>>> http://msdn.microsoft.com/en-us/library/cc200459.aspx
>>>
>>> My hope is that these should be parsed as 'normal' DNs as much as
>>> possible - then canonicalised into a form we can actually look up (or
>>> used directly if possible). 
> 
>>> My plan is to extend the ldb DN parser's existing 'TODO' handling of
>>> <SID= and <GUID= to be a general set of key-value pairs, much like the
>>> DN components are.  Samba4 can then register a custom handler to parse
>>> and print these attributes (with 'string as is' being the default).
>>> This will be much like we handle all other 'samba special' types in
>>> LDB. 
>> I think that's the correct way of doing it...
> 
>> I think that will be a big step forward (but please remember that next
>> thing is the handling of per attribute replication meta data for linked
>> attributes:-)
> 
> Great.  I've been working on this hard for the past week or so.  See
> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog for the
> current work in progress.
> 
> I'm currently working on the comprehensive testsuite for DN behaviours,
> particularly with the extended DNs.
> 
> I would appreciate any comments or feedback,

http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=e887969c2a413c4c1119735a5131b3af5b077814

+       for (i=0; i < req->op.add.message->num_elements; i++) {
+               const struct ldb_message_element *el =
&req->op.add.message->elements[i];
+               const struct dsdb_attribute *schema_attr
+                       = dsdb_attribute_by_lDAPDisplayName(ac->schema,
el->name);
+               if (!schema_attr) {
+                       ldb_asprintf_errstring(module->ldb,
+                                              "attribute %s is not a
valid attribute in schema", el->name);
+                       return LDB_ERR_OBJECT_CLASS_VIOLATION;

+               }
+
+               /* We only setup an extended DN GUID on these particular
DN objects */
+               if (!((strcmp(schema_attr->attributeSyntax_oid,
"2.5.5.1") == 0) ||
+                    (strcmp(schema_attr->attributeSyntax_oid,
"2.5.5.7") == 0))) {
+                       continue;
+               }
+
+               for (j = 0; j < el->num_values; j++) {
+                       ret = extended_store_replace(ac,
req->op.add.message->elements, &el->values[j]);
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
+               }
+       }
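
Review bot: In the inner loop, `el` is declared `const struct ldb_message_element *`, yet `&el->values[j]` is handed to extended_store_replace(), whose name suggests it rewrites the value; if it does, drop the const or work on a copy of the message instead of modifying the request's message through a const pointer. The same call passes `req->op.add.message->elements` (the array base) rather than anything tied to `el`, which deserves a short comment saying what that argument is for. The syntax test compares the bare OID strings "2.5.5.1" and "2.5.5.7"; the comment above it should name which DN syntaxes those are, or the OIDs should become named constants. The unknown-attribute branch reports "not a valid attribute in schema" but returns LDB_ERR_OBJECT_CLASS_VIOLATION, so check that this is the error code callers should see for an undefined attribute.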

maybe it would make sense to have a function pointer in the dsdb_syntax
structure reached via schema_attr->syntax, this would be a bit more generic.

But we can also make that change later...

metze
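
The extended DN string form discussed in this thread, `<GUID=...>;<SID=...>;DN`, split into key-value pairs ahead of the ordinary DN with values kept as strings "as is". This is an added example, not code from the thread or from Samba/LDB; the struct and function names are hypothetical and the GUID and SID values are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_EXT 4   /* hypothetical limit for this example */
struct ext_component { char name[16]; char value[128]; };
struct ext_dn {
    struct ext_component ext[MAX_EXT];
    int num_ext;
    const char *dn;  /* plain DN that follows the <..>; prefixes */
};

/* Split "<NAME=value>;<NAME=value>;dn" into key-value pairs plus the DN.
 * Values are kept as strings "as is". Returns 0, or -1 if malformed. */
int parse_extended_dn(const char *s, struct ext_dn *out)
{
    out->num_ext = 0;
    while (*s == '<') {
        const char *end = strchr(s, '>');
        const char *eq = strchr(s, '=');
        if (!end || !eq || eq > end || out->num_ext == MAX_EXT) return -1;
        size_t nlen = (size_t)(eq - (s + 1)), vlen = (size_t)(end - (eq + 1));
        struct ext_component *c = &out->ext[out->num_ext];
        if (!nlen || !vlen || nlen >= sizeof c->name || vlen >= sizeof c->value) return -1;
        memcpy(c->name, s + 1, nlen);   c->name[nlen] = '\0';
        memcpy(c->value, eq + 1, vlen); c->value[vlen] = '\0';
        out->num_ext++;
        s = end + 1;
        if (*s == ';') s++;              /* separator before the next part */
        else if (*s != '\0') return -1;  /* junk directly after '>' */
    }
    out->dn = s;
    return 0;
}

/* Look up one extended component by name; NULL if absent. */
const char *ext_dn_get(const struct ext_dn *d, const char *name)
{
    for (int i = 0; i < d->num_ext; i++)
        if (strcmp(d->ext[i].name, name) == 0) return d->ext[i].value;
    return NULL;
}

int main(void)
{
    struct ext_dn d;  /* the input string below is a constructed sample */
    if (parse_extended_dn("<GUID=0f0e0d0c-0b0a-0908-0706-050403020100>;<SID=S-1-5-21-1-2-3-500>;CN=Administrator,CN=Users,DC=example,DC=com", &d) == 0)
        printf("GUID=%s SID=%s DN=%s\n", ext_dn_get(&d, "GUID"), ext_dn_get(&d, "SID"), d.dn);
    return 0;
}
```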
