Extending LDB for Extended DNs

Stefan (metze) Metzmacher metze at samba.org
Fri Nov 7 11:31:27 GMT 2008


> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=e887969c2a413c4c1119735a5131b3af5b077814
> 
> +       for (i=0; i < req->op.add.message->num_elements; i++) {
> +               const struct ldb_message_element *el =
> &req->op.add.message->elements[i];
> +               const struct dsdb_attribute *schema_attr
> +                       = dsdb_attribute_by_lDAPDisplayName(ac->schema,
> el->name);
> +               if (!schema_attr) {
> +                       ldb_asprintf_errstring(module->ldb,
> +                                              "attribute %s is not a
> valid attribute in schema", el->name);
> +                       return LDB_ERR_OBJECT_CLASS_VIOLATION;
> 
> +               }
> +
> +               /* We only setup an extended DN GUID on these particular
> DN objects */
> +               if (!((strcmp(schema_attr->attributeSyntax_oid,
> "2.5.5.1") == 0) ||
> +                    (strcmp(schema_attr->attributeSyntax_oid,
> "2.5.5.7") == 0))) {
> +                       continue;
> +               }
> +
> +               for (j = 0; j < el->num_values; j++) {
> +                       ret = extended_store_replace(ac,
> req->op.add.message->elements, &el->values[j]);
> +                       if (ret != LDB_SUCCESS) {
> +                               return ret;
> +                       }
> +               }
> +       }
> 
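
Review bot: in the inner loop, el is declared const struct ldb_message_element * yet &el->values[j] is handed to extended_store_replace(), so if that helper rewrites the value it modifies the caller's request message in place through a const pointer. Consider doing the rewrite on a copy of req->op.add.message and passing the copy down the module chain, or drop the const so the mutation is visible to readers. Separately, an attribute name that is missing from the schema returns LDB_ERR_OBJECT_CLASS_VIOLATION; LDB_ERR_NO_SUCH_ATTRIBUTE would describe that failure more precisely.
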
> maybe it would make sense to have a function pointer in the dsdb_syntax
> structure reached via schema_attr->syntax, this would be a bit more generic.
> 
> But we can also make that change later...

Also, 2.5.5.7 is not a plain DN; it's a DN + a binary blob as a hex string:

wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}

So there's just a BLOB attached; the rest of the DN semantics are the
same. And there's also 2.5.5.14, which is a DN + a UTF-8 string:

S:4:Test:DC=Domain,DC=com

See http://www.unav.es/cti/ldap-smb/draft-armijo-ldap-syntax-00.html and
http://www.watersprings.org/pub/id/draft-armijo-ldap-dirsync-01.txt

BTW: we need to fill in all extended dn details even if the attribute
doesn't have a back link...

metze
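
The two value shapes quoted in this message (B:32:...:DN for syntax 2.5.5.7 and S:4:Test:DN for 2.5.5.14) can be split as in the following added example, which is not part of the original mail or of Samba's code. The type and function names are hypothetical, and the count field is assumed to give the payload length in bytes exactly as written.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: a view into the input string, nothing is copied. */
struct dn_with_payload {
	char kind;           /* 'B' = DN+Binary (2.5.5.7), 'S' = DN+String (2.5.5.14) */
	const char *payload; /* hex digits for 'B', text for 'S'; not NUL-terminated */
	size_t payload_len;  /* the count field taken from the value */
	const char *dn;      /* the plain DN that follows the payload */
};

/* Split "B:<count>:<hex>:<DN>" or "S:<count>:<string>:<DN>"; 0 on success, -1 if
 * malformed. Assumption: <count> is the payload length in bytes as written. */
int parse_dn_with_payload(const char *s, struct dn_with_payload *out)
{
	char *p;
	unsigned long n;
	size_t i;

	if ((s[0] != 'B' && s[0] != 'S') || s[1] != ':' ||
	    !isdigit((unsigned char)s[2])) {
		return -1;
	}
	n = strtoul(s + 2, &p, 10);
	if (*p++ != ':') {
		return -1;
	}
	/* Check the count against the real length before using it as an offset.
	 * The payload may itself contain ':', so scanning for ':' would be wrong. */
	if (n >= strlen(p) || p[n] != ':' || p[n + 1] == '\0') {
		return -1;
	}
	if (s[0] == 'B' && n % 2 != 0) {
		return -1; /* a hex string must encode whole bytes */
	}
	for (i = 0; s[0] == 'B' && i < n; i++) {
		if (!isxdigit((unsigned char)p[i])) return -1;
	}
	out->kind = s[0];
	out->payload = p;
	out->payload_len = n;
	out->dn = p + n + 1;
	return 0;
}
```

Only the dn part would go through ordinary DN handling; a plain DN (syntax 2.5.5.1) has no prefix and is rejected by this parser.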
