[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf hidden?

Andrew Bartlett wrote:

>>  > I can un-hide it for Samba (I have code that adds a list of attributes
>>  > to any query for *), but I just wanted to check there wasn't a more
>>  > elegant way to do it.

The only alternative I see consists in moving the addition of "memberOf"
to the list of attrs when it's empty, or '*' is present and either '+'
or 'extensibleObject' are absent, into slapd (again, using an overlay).

>>
>> If you're only interested in certain attributes you should not use * 
>> anyway since this would return also binary attributes like jpegPhoto and 
>> userCertificate which likely are of not much use for Samba, are they?
> 
> The problem is not Samba4, but Samba4's clients.  See, Samba4 is an LDAP
> proxy in this situation, and has a role simply to try and make OpenLDAP
> look more like AD than it does at present.  
> 
> Samba4's clients are written expecting AD's behaviour, and while I might
> hope that they would explicitly request the attributes they need, if I
> can make such mistakes in my test scripts, so can they...

The addition of this feature is (almost) trivial.  So the decision
should be based on:
  - should this "feature" be exposed to all users, or
  - should it be exposed only to users using samba4 as proxy?
I'll code it anyway (not now, perhaps later today) and let you decide
after experimenting.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------