[IPA] Samba storing extended DN in Fedora DS
rmeggins at redhat.com
Fri Oct 2 14:57:58 MDT 2009
Andrew Bartlett wrote:
> On Fri, 2009-10-02 at 15:50 -0400, Endi Sukma Dewata wrote:
>> The problem doesn't happen with the default TDB backend. The problem
>> doesn't happen with OpenLDAP backend because OpenLDAP doesn't use this
>> What should be the right behavior? Can a backlink work with just a
>> regular DN?
>> Should the linked_attributes be modified to use a regular DN? Or
>> should the
>> syntax be changed to something else? Thanks!
> This is why linked attributes are a required feature for a good LDAP
> backend. If you implement these correctly in the backend, then we won't
> need to load this module. Similarly, if you implement the 'dereference'
> control, then you don't need to store an extended DN at all - you make
> it up at runtime.
> (You may also determine it profitable to store extended DNs in your
> backend, for the same performance and possibly correctness reasons that
> Samba does - avoiding looking them up at runtime, but that's a separate
> In the short term, I think, Fedora DS should try to emulate OpenLDAP's
> current behaviour as closely as possible. (Which is why both have been
> on a TODO for Fedora DS for a while).
The current 389 (Fedora DS) 1.2.2 and later does implement the
dereference control, and I believe it works the same way as the OpenLDAP
> I hope this helps,
> Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
More information about the samba-technical