Endi's Bug 7530 patches (LDAP backend)

Andrew Bartlett abartlet at samba.org
Wed Jul 7 19:15:38 MDT 2010

On Mon, 2010-06-28 at 20:41 -0400, Endi Sukma Dewata wrote:
> Hi Andrew,
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > The expand_nested_groups patch will work, but I do not wish us to take
> > this approach.  The LDAP backend needs to provide, one way or another,
> > this information - if we start to have fallbacks in the code, we will
> > duplicate the whole extended DN infrastructure in each caller.  The
> > OpenLDAP backend provides this by a server-side module, and either
> > Fedora DS must do the same, or fake it up in a Samba module at the
> > bottom of the stack. 
> Could you point me to the OpenLDAP module that handles this? Thanks!

I'm sorry, I wasn't thinking over the history here when I made this
comment, nor did I look into it properly.  I get the same failure
against OpenLDAP, and Fedora DS has implemented the control required
here for quite some time now.  

I'm going to debug what is really going on here today. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100708/c7cdb9ea/attachment.pgp>

More information about the samba-technical mailing list