ber_read_OID_String patch

Andrew Bartlett abartlet at
Wed Sep 23 09:01:40 MDT 2009

On Wed, 2009-09-23 at 15:36 +0300, Kamen Mazdrashki wrote:
> Hi Andrew,
> On Wed, Sep 23, 2009 at 08:42, Andrew Bartlett <abartlet at> wrote:
> > We hit the need for this at the plugfest, and while metze does not like
> > the idea of keeping the binary form in the in-memory structure, I'm more
> > open to it.  Most important will be to implement the OID to prefix map
> > code, and to store the prefixmap on disk as a string.
> In case we don't implement binary prefix map in memory, then we need some 
> kind of 'adaptor' code to translate between S4-prefix-map <=> DRS_prefix_map. 

Yes.  See the way I did that in the patch in my branch (parsing the DRS
partial OID into a string at the NDR layer)

> I am about to implement a reference implementation as a torture test
> in following few days.
> Btw, there is a torture test already implemented, you can find it at:
> The test decodes all attribute OIDs returned during replication and 
> verifies those attributes exists in schema - runs perfectly against W2K3-R3.
> >
> > We decided on the format<last element with the last two bytes
> > wiped to zero>: to indicate a partial OID, and for the 'normal'
> > types.  (last bit of oid oid less than 16385)
> >
> What are the considerations behind this decision?
> Frankly said, I can’t see any significant benefits from storing prefix map
> this way.

Comprehension.  We must be able to read and modify the prefixmap in a
text format.  

> And the biggest problem is - luck of documentation.
> If we follow ATDS and DRSR specs from Microsoft we will have a documentation 
> for Samba itself - which is great. 
> Please consider this. 
> It is important for maintainability and for future development.
> Right now it is not very easy for new developer to start sending 
> patches for Samba. And diverting from the Only-Spec-Out-There shall not 
> make Samba code comprehension easier.

Given we don't send this structure over the network, we should not find
ourself slavishly following the Microsoft specification.  We just need
to have a compatible implementation.  

We can explain in the code how to understand the new algorithm and how
it maps to the string-based manipulation, with reference to the

This is a pretty isolated and odd part of the codebase - if we need to
make things easier for new developers, we can improve or start the
python bindings.  Most developers are not so unfortunate as to be
assigned this as their first task :-)

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list