[IPA] SID allocation using DNA plugin

Andrew Bartlett abartlet at samba.org
Wed Nov 4 18:26:43 MST 2009


On Wed, 2009-11-04 at 19:15 -0500, Endi Sukma Dewata wrote:
> Andrew,
> 
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> 
> > > Attach is another patch for the other problem I found during
> > > provisioning. The relax control wasn't defined in the list
> > > so the ldap_encode() failed and the request was never sent
> > > to FDS.
> > 
> > OK.  The patch's comment is incorrect however - it does have a network
> > representation - it is a well-known and well-defined OID for LDAP
> > network operations.
> 
> So do we need to write handlers for this control? 

As far as I'm aware I think it's just an OID with no data.   So your
patches have been correct, except for the comment.  Sorry if I was
unclear :-)

http://tools.ietf.org/html/draft-zeilenga-ldap-relax-03 section 2. 

(it is unclear to me that this is the right OID for that doc, but it
will do for now). 

> Or do we still want to
> remove it before sending the request to the backend (i.e. internal only)?
> Please see the updated patch.
> 
> > Yes, this is the approach I was trying to head towards. Just make sure
> > we don't run the LDB specific functions when we are trying to use
> > OpenLDAP or Fedora DS. 
> 
> Ok, I'll try to make several incremental changes rather than one big
> change. Thanks.

Thanks.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091105/fe086451/attachment.pgp>


More information about the samba-technical mailing list