LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
Andrew Bartlett
abartlet at samba.org
Wed Mar 28 21:57:36 MDT 2012
On Wed, 2012-03-28 at 12:18 -0700, Matthieu Patou wrote:
> On 03/27/2012 09:41 AM, Matthias Dieter Wallnöfer wrote:
> > Hi ekacnet,
> >
> > yes in fact "(distinguishedName=...)" as search filter works perfectly
> > okay against Windows.
> >
> And what about samba ? did your patch changed this behavior ?
Yes, this was a deliberate behaviour change to make Samba more like
Windows AD behaviour here. The original dn thing came from the days
when ldb was a lightweight ldap-like DB without the strictness that we
now have in AD behaviour. At the time it was, and in non-AD databases
it is, actually quite neat.
I discussed this with Matthias a while back, and now that he came up
with a clean implementation, I was glad to merge his patches.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list