Object(OR-Name) syntax handling

Andrew Bartlett abartlet at samba.org
Mon Nov 16 17:04:34 MST 2009

On Tue, 2009-11-17 at 01:24 +0200, Kamen Mazdrashki wrote:
> Hi Andrew,
> If you are to continue working on DSSYNC test,
> could you please consider to apply attached 
> patches to your branch, so I won't need to merge 
> them again and again?

Sure, I've merged the patches that are ready. 

> As for Object(OR-Name) syntax handling, I think
> I did it right this time (or at least in the
> right direction -> 0007...patch). 
> I am attaching also ldifs for the attribute
> I am testing with (it comes from Exchange 
> provisioning). Files: "authOrig_attr.ldif.txt"
> and "drsuapi_user.ldif.txt".
> Files: "dssync-DRS_msg.ldif.txt" and 
> "dssync-LDAP_msg.ldif.txt" contains what I got
> in DSSYNC test for drs_msg and ldap_msg respectively.
> What I find strange here is that 'authOrig' attribute
> value is returned as DS-DN from DRSUAPI (which what
> I was expecting). But from LDAP it is returned as
> plain DN. Perhaps I don't quite understand 
> Object(OR-Name) syntax description from MS docs.

It looks like we need to handle it as an extended DN in DRSUAPI, but not
to honour the extended DN control for this attribute over LDAP.  That
is, we need to modify the exended_dn_out module to always strip the GUID
from the DN, regardless of the client's request. 

Then we need to write a special case handler for this attribute in the

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091117/7181a997/attachment.pgp>

More information about the samba-technical mailing list