[PATCH]Re: ldap machine suffix behavior
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Jun 13 05:59:37 GMT 2003
At 13:38 12.06.2003 -0500, Gerald (Jerry) Carter wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 11 Jun 2003, Steve Langasek wrote:
>
> > The crucial difference seems to be that with the new patch, the 'ldap
> > suffix' is only appended if the 'ldap machine suffix' has a trailing
> > comma -- indicating that it's not a fully-qualified dn. So this is not
>
>no. It is always appended or at least should be. See
>param/loadparm.c:handle_ldap_sub_suffix(). If 'ldap suffix' has not been
>set then set the string and return. Otherwise append
>",ldap_ldap_suffix()" string to the new suffix. Set that string and
>return.
>
> pstrcpy(suffix, pszParmValue);
>
> if (! *Globals.szLdapSuffix ) {
> string_set( ptr, suffix );
> return True;
> }
> else {
> if ( *pszParmValue )
> pstrcat(suffix, ",");
> pstrcat(suffix, Globals.szLdapSuffix);
> }
>
>
>This means that you can have disparate suffixes by not defining 'ldap
>suffix' at all. Which is a better solution. Thus you can set
>
> ldap suffix = dc=plainjoe,dc=org
> ldap idmap suffix = ou=idmap
> ldap group suffix = ou=group
> ldap user suffix = ou=people
> ldap machine suffix = ou=people
>
>or
>
> ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
> ldap group suffix = ou=group,dc=plainjoe,dc=org
> ldap user suffix = ou=people,dc=plainjoe,dc=org
> ldap machine suffix = ou=computers,dc=some dn
an empty 'ldap suffix' is not accepted since all ldap searches are done on
lp_ldap_suffix().
the other suffixes are used when we add new records to the ldap database.
This valid in 3.0alpha24:
ldap suffix = dc=plainjoe,dc=org
ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
ldap group suffix = ou=group,dc=plainjoe,dc=org
ldap user suffix = ou=people,dc=plainjoe,dc=org
ldap machine suffix = ou=computers,dc=some dn
this will end in this (in 3.0.0beta1):
lp_ldap_suffix() = dc=plainjoe,dc=org
lp_ldap_idmap_suffix() =
ou=idmap,dc=plainjoe,dc=org,dc=plainjoe,dc=org
lp_ldap_group suffix() =
ou=group,dc=plainjoe,dc=org,dc=plainjoe,dc=org
lp_ldap_user_suffix() =
ou=people,dc=plainjoe,dc=org,dc=plainjoe,dc=org
lp_ldap_machine_suffix() = ou=computers,dc=some dn,dc=plainjoe,dc=org
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
More information about the samba-technical
mailing list