[IPA] Attribute dereferencing & storing SID as string
Endi Sukma Dewata
edewata at redhat.com
Thu Oct 22 18:47:08 MDT 2009
Andrew,
----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> I do wish we had a way to make the ldb_map code still handle this
> mapping. But for the small number of attributes here so far, I
> suppose this is OK.
> Yes, I think it is necessary - there is an assumption that attributes of
> a particular name have a particular Syntax, and while it technicality
> still matches, it's not what an application developer who happens to
> encounter this on a Fedora DS system would expect.
>
> As such, please use SambaSID (and tell Samba4 not to generate an
> objectSID attribute by making it a 'skip' attribute in the syntax map
> file).
The problem with skipping objectSID is that there are some object classes
that are using it. We need to replace the objectSID in those object
classes to sambaSID.
Renaming objectSID to sambaSID works, it will replace the objectSID in
the object classes as well, but then it will generate a sambaSID attribute
that conflicts with Samba 3's schema.
I think what we need is the ability to rename an attribute but not generate
the schema. Should we add another paramater in the mapping configuration?
For example:
objectSid:sambaSID:skip
Also, renaming objectSID to sambaSID will affect the dereferencing module
too since now it should look for sambaSID instead of objectSID.
Any suggestions? Thanks.
--
Endi S. Dewata
More information about the samba-technical
mailing list