Endi's Bug 7530 patches (LDAP backend)

Andrew Bartlett abartlet at samba.org
Thu Jul 8 01:31:18 MDT 2010

On Thu, 2010-07-08 at 11:15 +1000, Andrew Bartlett wrote:
> On Mon, 2010-06-28 at 20:41 -0400, Endi Sukma Dewata wrote:
> > Hi Andrew,
> > 
> > ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > 
> > > The expand_nested_groups patch will work, but I do not wish us to take
> > > this approach.  The LDAP backend needs to provide, one way or another,
> > > this information - if we start to have fallbacks in the code, we will
> > > duplicate the whole extended DN infrastructure in each caller.  The
> > > OpenLDAP backend provides this by a server-side module, and either
> > > Fedora DS must do the same, or fake it up in a Samba module at the
> > > bottom of the stack. 
> > 
> > Could you point me to the OpenLDAP module that handles this? Thanks!
> I'm sorry, I wasn't thinking over the history here when I made this
> comment, nor did I look into it properly.  I get the same failure
> against OpenLDAP, and Fedora DS has implemented the control required
> here for quite some time now.  
> I'm going to debug what is really going on here today. 

I have to say, I've not got very far with this, and I'll have to start
debugging the OpenLDAP side of things soon.  It seems to me that OL is
no longer responding with the dereference control.

Attached is the patch I started to use is attempting to understand this,
in case it helps your debugging.  

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dereference-testing-hacks.patch
Type: text/x-patch
Size: 6086 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100708/04d91345/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100708/04d91345/attachment.pgp>

More information about the samba-technical mailing list