
Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)



On Tue, 2009-04-14 at 10:09 +0200, Pierangelo Masarati wrote:
> ----- abartlet@samba.org wrote:
>
> > Full_Name: Andrew Bartlett
> > Version: CVS HEAD
> > OS: Fedora 10
> > URL: http://msdn.microsoft.com/en-us/library/cc223167(PROT.13).aspx
> > Submission from: (NULL) (59.167.251.137)
> >
> >
> > Active Directory always presents an attribute 'name' that is always
> > equal to the relative distinguished name.  AD allows only one RDN,
> > but I don't mind if this can be multi-valued for the multi-RDN case.
> > It is equal to the value of the RDN as presented in the RDN.
> >
> > This is not simply the subtype 'CN -> name', but a new attribute
> > unrelated to the existing definition of 'name'.
> >
> > I don't care what name is assigned to 'name', as I can easily remap
> > attributes.
> >
> > It would be great if this could be constructed such that it may be
> > declared to be unique for a particular one-level search (also an AD
> > requirement, but not one Samba4 requires or enforces at this time).
>
> The only problem I see in defining such an attribute is that its
> syntax should allow the value of any syntax, so it should probably be
> octetString or something like that.

I think the AD document I reference explains that only some attributes
can be an RDN, so it limits them to those with a Unicode string
representation I suppose.

There is another attribute that follows the 'type' of RDN btw (never
seen it used, but it's in the docs).

> From the implementation point of view, what operations should it be
> used for?  If you only need it to be returned with searches, and to be
> compared, then the implementation would be trivial (it could be
> dynamically generated, much like entryDN, as far as I can tell).  If
> you need to search for it, namely use it in a filter, then it might be
> better to store it in the database.  This would require to handle add
> and modrdn, forbid modify, and nothing else.

Like entryDN, we need to be able to search on it, so it should probably
be persistent.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
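
The behaviour discussed in this thread (store the RDN value on add and modrdn, forbid modify, allow the value in a filter), as an added Python sketch that is not part of the original message and is not OpenLDAP or Samba code. The attribute name `name`, the `Directory` class and the sample DNs are assumptions made for illustration; the RDN parser handles RFC 4514 backslash escapes and multi-valued RDNs.

```python
HEX = set("0123456789abcdefABCDEF")
MAINTAINED = "name"  # assumed attribute name; the thread leaves the name open

class ConstraintViolation(Exception):
    """Client tried to write the server-maintained attribute."""

def parse_rdn(dn):
    """Split an RFC 4514 DN string into (leftmost RDN values, parent DN)."""
    values, buf, in_value, i = [], bytearray(), False, 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):        # escaped char or hex pair
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                buf += bytes.fromhex(pair)
                i += 3
            else:
                buf += dn[i + 1].encode()
                i += 2
            continue
        if c == ",":                              # unescaped comma ends the RDN
            break
        if c == "+":                              # multi-valued RDN separator
            values.append(buf.decode())
            buf, in_value = bytearray(), False
        elif c == "=" and not in_value:           # drop the attribute type
            buf, in_value = bytearray(), True
        else:
            buf += c.encode()
        i += 1
    values.append(buf.decode())
    return values, dn[i + 1:]

class Directory:
    """Constructed in-memory store: sets 'name' on add/modrdn, forbids modify."""
    def __init__(self):
        self.entries = {}
    def _reject(self, attrs):
        if MAINTAINED in attrs:
            raise ConstraintViolation(f"{MAINTAINED} is maintained by the server")
    def add(self, dn, attrs):
        self._reject(attrs)
        self.entries[dn] = {**attrs, MAINTAINED: parse_rdn(dn)[0]}
    def modify(self, dn, changes):
        self._reject(changes)
        self.entries[dn].update(changes)
    def modrdn(self, dn, new_rdn):
        new_dn = f"{new_rdn},{parse_rdn(dn)[1]}"
        self.entries[new_dn] = {**self.entries.pop(dn), MAINTAINED: parse_rdn(new_rdn)[0]}
        return new_dn
    def search(self, value):
        """Equality filter on the stored attribute, e.g. (name=value)."""
        return [dn for dn, e in self.entries.items() if value in e[MAINTAINED]]
```

Because the value is derived from the unescaped RDN and never accepted from the client, a stored `name` cannot drift from the DN it describes.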
