LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode

Andrew Bartlett abartlet at samba.org
Wed Mar 28 21:57:36 MDT 2012

On Wed, 2012-03-28 at 12:18 -0700, Matthieu Patou wrote:
> On 03/27/2012 09:41 AM, Matthias Dieter Wallnöfer wrote:
> > Hi ekacnet,
> >
> > Yes, in fact "(distinguishedName=...)" as a search filter works perfectly
> > okay against Windows.
> >
> And what about Samba? Did your patch change this behavior?

Yes, this was a deliberate behaviour change to make Samba more like
Windows AD behaviour here.  The original dn thing came from the days
when ldb was a lightweight ldap-like DB without the strictness that we
now have in AD behaviour.  At the time it was, and in non-AD databases
it is, actually quite neat.

I discussed this with Matthias a while back, and now that he came up
with a clean implementation, I was glad to merge his patches.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
