[IPA] Attribute dereferencing & storing SID as string
abartlet at samba.org
Wed Oct 21 18:00:41 MDT 2009
On Wed, 2009-10-21 at 19:38 -0400, Endi Sukma Dewata wrote:
> Please review the attached patches:
> The first one fixes the attribute dereferencing for FDS because
> it requires different handling than OpenLDAP:
> Please let me know if this is the right way to fix it.
I do wish we had a way to make the ldb_map code still handle this
mapping. But for the small number of attributes here so far, I suppose
this is OK.
> The second one changes the storage format for SID in FDS from
> binary to string (we've discussed this before):
> The patch doesn't include changing the schema, do you think it's
> necessary? Currently it works using octet string syntax.
Yes, I think it is necessary - there is an assumption that attributes of
a particular name have a particular Syntax, and while it technicality
still matches, it's not what an application developer who happens to
encounter this on a Fedora DS system would expect.
As such, please use SambaSID (and tell Samba4 not to generate an
objectSID attribute by making it a 'skip' attribute in the syntax map
> Both of these are prerequisites for utilizing the DNA plugin to
> generate SID (we also have discussed this before):
> I don't have the patch for this yet.
> I have run the quicktest using the default backend and FDS backend
> and they completed successfully. The OpenLDAP test failed because
> of the problem we discussed in the other thread.
I'll fix that shortly.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the samba-technical