Extending LDB for Extended DNs
Andrew Bartlett
abartlet at samba.org
Fri Nov 14 07:23:29 GMT 2008
On Wed, 2008-11-05 at 22:33 +1100, Andrew Bartlett wrote:
> On Tue, 2008-10-28 at 08:13 +0100, Stefan (metze) Metzmacher wrote:
> > Andrew Bartlett schrieb:
> > > Simo,
> > >
> > > Per our discussion on IRC last night, I wanted to clarify with you what
> > > I would like to do to DN support in Samba4, and how I would like to
> > > extend LDB to help with this.
> > >
> > > The problem of extended DNs is partially indicated by:
> > >
> > > http://msdn.microsoft.com/en-us/library/cc200561.aspx
> > >
> > > Firstly, I would like to try and support sending 'extended dns' to
> > > clients, as required by the extended DN control.
> > >
> > > To do this properly, we need to do better than extended_dn.c does at the
> > > moment - it relies on the fact that if you stuff something into
> > > ldb_dn_new(), then it will appear in the DN - the DN structure does not
> > > contain the parsed DN.
> > >
> > > Secondly, I would like to accept the alternate DN forms
> > >
> > > http://msdn.microsoft.com/en-us/library/cc200459.aspx
> > >
> > > My hope is that these should be parsed as 'normal' DNs as much as
> > > possible - then canonicalised into a form we can actually look up (or
> > > used directly if possible).
> > >
> > > My plan is to extend the ldb DN parser's existing 'TODO' handling of
> > > <SID= and <GUID= to be a general set of key-value pairs, much like the
> > > DN components are. Samba4 can then register a custom handler to parse
> > > and print these attributes (with 'string as is' being the default).
> > > This will be much like we handle all other 'samba special' types in
> > > LDB.
> >
> > I think that's the correct way of doing it...
> >
> > I think that will be a big step forward (but please remember that next
> > thing is the handling of per attribute replication meta data for linked
> > attributes:-)
>
> Great. I've been working on this hard for the past week or so. See
> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog for the
> current work in progress.
>
> I'm currently working on the comprehensive testsuite for DN behaviours,
> particularly with the extended DNs.
>
> I would appreciate any comments or feedback,

This work has taken far, far longer than I ever expected, but it seems
that a SID or a GUID is just as valid as a DN in *every* area where it
is used. As such, a fairly major rework has been required to translate
these into a 'normal' DN.

I've not yet got a working 'store the full DN' module working, but I
have largely got the input side working, and make test passing (broken
again as I test more, but what was there passes). I've updated my GIT
tree again.

This looks like taking another week to finish, after which I hope to
publish another Samba4 alpha.

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
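
The plan quoted above, treating `<SID=` and `<GUID=` as general key-value pairs stored 'string as is' ahead of a normal DN, sketched as an added example that is not part of this message or of ldb's code. It assumes the `<NAME=value>;<NAME=value>;DN` layout; `ext_dn_parse`, `ext_dn_get` and both structs are hypothetical names, and the sample value is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_EXT 4
/* Hypothetical types for this example; these are not ldb's structures. */
struct ext_comp { char name[16]; char value[128]; };
struct ext_dn { int n; struct ext_comp ext[MAX_EXT]; const char *dn; };

/* Parse "<NAME=value>;<NAME=value>;normal-dn" into key-value pairs plus the
 * remaining DN. Values are stored as-is. Returns 0 on success, -1 if malformed. */
int ext_dn_parse(const char *s, struct ext_dn *out)
{
    out->n = 0; out->dn = "";
    while (*s == '<') {
        const char *eq = strchr(s, '=');
        const char *gt = strchr(s, '>');
        if (!eq || !gt || eq > gt || out->n == MAX_EXT) return -1;
        size_t nlen = (size_t)(eq - s - 1), vlen = (size_t)(gt - eq - 1);
        if (nlen == 0 || nlen >= sizeof(out->ext[0].name)) return -1;
        if (vlen == 0 || vlen >= sizeof(out->ext[0].value)) return -1;
        if (memchr(eq + 1, '<', vlen)) return -1;   /* no nested component */
        struct ext_comp *c = &out->ext[out->n++];
        memcpy(c->name, s + 1, nlen);   c->name[nlen] = '\0';
        memcpy(c->value, eq + 1, vlen); c->value[vlen] = '\0';
        s = gt + 1;
        if (*s == '\0') return 0;    /* extended components only, no DN part */
        if (*s != ';') return -1;    /* components must be ';'-separated */
        if (*++s == '\0') return -1; /* trailing ';' with nothing after it */
    }
    out->dn = s;                     /* the normal DN is not validated here */
    return 0;
}

/* Look up an extended component by exact name; NULL if absent. */
const char *ext_dn_get(const struct ext_dn *d, const char *name)
{
    for (int i = 0; i < d->n; i++)
        if (strcmp(d->ext[i].name, name) == 0) return d->ext[i].value;
    return NULL;
}

int main(void)
{
    /* Constructed sample value, not taken from a real directory. */
    const char *in = "<GUID=6f4a1c2e-0b7d-4e5a-9c3f-2d8b7a1e4c90>;<SID=S-1-5-21-1-2-3-500>;CN=Administrator,CN=Users,DC=example,DC=com";
    struct ext_dn d;
    if (ext_dn_parse(in, &d) != 0) return 1;
    printf("SID=%s DN=%s\n", ext_dn_get(&d, "SID"), d.dn);
    return 0;
}
```

Rejecting malformed input outright (unterminated `<...`, missing `;`, oversized names or values) keeps a half-parsed SID or GUID from reaching the lookup that translates it into a normal DN.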