[IPA] Attribute Linking and Indexing
Andrew Bartlett
abartlet at samba.org
Tue Oct 20 21:15:56 MDT 2009
On Tue, 2009-10-20 at 15:38 -0400, Endi Sukma Dewata wrote:
> Andrew (and others who gave me feedbacks),
>
> Thanks for the responses. I dug deeper and it seems that the problem
> is caused by the difference in the way OpenLDAP and FDS validate search
> base DN. Here's what happens:
>
> When the provisioning tool adds the wellKnownObjects attribute, the
> extended_dn_store LDB module will try to find the specified object in
> the directory. So it will issue a search operation with this base DN:
>
> B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,DC=SAMBA,
> DC=EXAMPLE,DC=COM
Aha! I think this is 'just a bug' related to the recent work to support
these DNs better with regard to replication. Tridge and I have plans
for how to fix it (the binary stuff should not be in the linearised
form), but have not done so yet.
It only works against Samba because we have the extra code to handle
this DN type, and so we didn't notice the error.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091021/5662a755/attachment.pgp>
More information about the samba-technical
mailing list