[Samba] Samba4: Full schema problems
Andrew Bartlett
abartlet at samba.org
Tue May 12 06:37:30 GMT 2009
On Sat, 2009-05-09 at 15:58 +0200, Michael Ströder wrote:
>
> Attribute 'subSchemaSubEntry' in the rootDSE correctly points to
> CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN (like on AD) but there
> are no schema descriptions in there.
>
> Attribute 'subSchemaSubEntry' in all other entries *falsely* points to
> CN=Subschema. I guess that DN is generated by OpenLDAP.

Hmm. This is unfortunate. We are going to need a way to block AD
clients from seeing this attribute. Is there any sane way (an ACI
perhaps?) to prohibit reading this attribute from the OpenLDAP side?

Otherwise, I'll put in a rule in our 'mapping' table to map all queries
for subSchemaSubEntry to
samba4NeverWantsToHaveSubSchemaSubEntryReturned :-)

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.