Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)
On Tue, 2009-04-14 at 10:09 +0200, Pierangelo Masarati wrote:
> ----- abartlet@samba.org wrote:
>
> > Full_Name: Andrew Bartlett
> > Version: CVS HEAD
> > OS: Fedora 10
> > URL: http://msdn.microsoft.com/en-us/library/cc223167(PROT.13).aspx
> > Submission from: (NULL) (59.167.251.137)
> >
> > Active Directory always presents an attribute 'name' that is always equal to the
> > relative distinguished name. AD allows only one RDN, but I don't mind if this
> > can be multi-valued for the multi-RDN case. It is equal to the value of the RDN
> > as presented in the RDN.
> >
> > This is not simply the subtype 'CN -> name', but a new attribute unrelated to
> > the existing definition of 'name'.
> >
> > I don't care what name is assigned to 'name', as I can easily remap attributes.
> >
> > It would be great if this could be constructed such that it may be declared to
> > be unique for a particular one-level search (also an AD requirement, but not one
> > Samba4 requires or enforces at this time).
>
> The only problem I see in defining such an attribute is that its
> syntax should allow the value of any syntax, so it should probably be
> octetString or something like that.

I think the AD document I reference explains that only some attributes
can be an RDN, so it limits them to those with a unicode string
representation I suppose.

There is another attribute that follows the 'type' of RDN btw (never
seen it used, but it's in the docs).

> From the implementation point of view, what operations should it be
> used for? If you only need it to be returned with searches, and to be
> compared, then the implementation would be trivial (it could be
> dynamically generated, much like entryDN, as far as I can tell). If
> you need to search for it, namely use it in a filter, then it might be
> better to store it in the database. This would require to handle add
> and modrdn, forbid modify, and nothing else.

Like entryDN, we need to be able to search on it, so it should probably
be persistent.

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
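The persistent variant discussed in this thread (store the value, maintain it on add and modrdn, forbid modify, allow it in a filter), sketched as an added example that is not OpenLDAP or Samba code. `Directory`, `NAME`, `rdn_values` and the sample DNs are hypothetical; DN parsing covers only RFC 4514 backslash escapes on a non-empty DN, not `#`-prefixed hex string values.

```python
import re

NAME = "name"  # assumed attribute name; the thread leaves the real one open

def _split(s, sep):
    """Split on unescaped `sep`, leaving backslash escapes untouched."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), s, flags=re.S)

def _unescape(value):
    """Undo RFC 4514 escapes: \\XX hex pairs (UTF-8 bytes) and \\<char>."""
    def one(m):
        return bytes([int(m[1], 16)]) if m[1] else m[2]
    raw = re.sub(rb"\\([0-9A-Fa-f]{2})|\\(.)", one, value.encode(), flags=re.S)
    return raw.decode("utf-8")

def rdn_values(dn):
    """Values of the leftmost RDN; more than one for a multi-valued RDN."""
    first_rdn = _split(dn, ",")[0]
    return [_unescape(ava.partition("=")[2]) for ava in _split(first_rdn, "+")]

class Directory:
    """Toy in-memory store: DN string -> {attribute: [values]}."""

    def __init__(self):
        self.entries = {}

    def add(self, dn, attrs):
        # A client-supplied 'name' is dropped; the stored value follows the RDN.
        kept = {k: v for k, v in attrs.items() if k.lower() != NAME}
        self.entries[dn] = {**kept, NAME: rdn_values(dn)}

    def modrdn(self, dn, new_rdn):
        # Renaming is the only operation that changes 'name'.
        new_dn = ",".join([new_rdn] + _split(dn, ",")[1:])
        self.entries[new_dn] = {**self.entries.pop(dn), NAME: rdn_values(new_rdn)}
        return new_dn

    def modify(self, dn, changes):
        # Direct writes are refused so the value cannot drift from the RDN.
        if any(attr.lower() == NAME for attr in changes):
            raise PermissionError("'name' is maintained from the RDN")
        self.entries[dn].update(changes)

    def search_name(self, value):
        """Equality filter (name=value), answered from the stored attribute."""
        return [dn for dn, e in self.entries.items() if value in e[NAME]]
```

Because the value is written only by `add` and `modrdn`, an access decision or uniqueness check keyed on it cannot be influenced by a client that merely has modify rights on the entry.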