How to implement Extended DNs for Samba4?

Andrew Bartlett abartlet at
Tue Oct 21 09:02:43 GMT 2008

On Tue, 2008-10-21 at 00:21 -0700, Howard Chu wrote:
> Andrew Bartlett wrote:
> > At the CIFS plugfest it became clear that Samba3 requires that we
> > complete the implementation of 'extended DN' replies in the Samba4 LDAP
> > server.

> We already carry a bunch of Samba-related modules in our contrib branch. I 
> don't see any problem with adding this one. In this case all you need is a 
> module to implement parsing and processing of your magic Extended DN control.


> Frankly, I can see this being generally useful, if you define the semantics 
> broadly enough. For example, the request control could take a data argument 
> providing:
> 	MagicData ::= SEQUENCE of DerefSpec
> 	DerefSpec ::= SEQUENCE {
> 		DerefAttr	attributedescription,
> 		attributes	attrlist }
> 	attrlist ::= SEQUENCE of attr attributedescription
> So for each DerefAttr, dereference the name and extract the attributes from 
> the target entry, and return them all in the response control.

I would really, really love to have someone knock up a module like this
for me.  (I'm unlikely to do so successfully).

The only comment I have is that these links would need to cross database
boundaries (like the refint and memberof modules now do).  We should
also possibly have some way to work when pointing at targets outside the
current directory (which we don't support at the moment, but I'm told we
will need to support).

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list