How to implement Extended DNs for Samba4?
Andrew Bartlett
abartlet at samba.org
Tue Oct 21 09:02:43 GMT 2008
On Tue, 2008-10-21 at 00:21 -0700, Howard Chu wrote:
> Andrew Bartlett wrote:
> > At the CIFS plugfest it became clear that Samba3 requires that we
> > complete the implementation of 'extended DN' replies in the Samba4 LDAP
> > server.
> We already carry a bunch of Samba-related modules in our contrib branch. I
> don't see any problem with adding this one. In this case all you need is a
> module to implement parsing and processing of your magic Extended DN control.
OK.
> Frankly, I can see this being generally useful, if you define the semantics
> broadly enough. For example, the request control could take a data argument
> providing:
> MagicData ::= SEQUENCE of DerefSpec
>
> DerefSpec ::= SEQUENCE {
> DerefAttr attributedescription,
> attributes attrlist }
>
> attrlist ::= SEQUENCE of attr attributedescription
>
> So for each DerefAttr, dereference the name and extract the attributes from
> the target entry, and return them all in the response control.
I would really, really love to have someone knock up a module like this
for me. (I'm unlikely to do so successfully).
The only comment I have is that these links would need to cross database
boundaries (like the refint and memberof modules now do). We should
also possibly have some way to work when pointing at targets outside the
current directory (which we don't support at the moment, but I'm told we
will need to support).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081021/afab7f05/attachment.bin
More information about the samba-technical
mailing list