
Re: (ITS#6055) Samba4 need 'name' implementation like AD (RDN-Name)


On Tue, 2009-04-14 at 10:09 +0200, Pierangelo Masarati wrote:
> ----- abartlet@samba.org wrote:
> > Full_Name: Andrew Bartlett
> > Version: CVS HEAD
> > OS: Fedora 10
> > URL: http://msdn.microsoft.com/en-us/library/cc223167(PROT.13).aspx
> > Submission from: (NULL) (
> >
> > Active Directory always presents an attribute 'name' that is always equal to
> > the relative distinguished name.  AD allows only one RDN, but I don't mind if
> > this can be multi-valued for the multi-RDN case.  It is equal to the value of
> > the RDN as presented in the RDN.
> >
> > This is not simply the subtype 'CN -> name', but a new attribute unrelated to
> > the existing definition of 'name'.
> >
> > I don't care what name is assigned to 'name', as I can easily remap
> > attributes.
> >
> > It would be great if this could be constructed such that it may be declared to
> > be unique for a particular one-level search (also an AD requirement, but not
> > one Samba4 requires or enforces at this time).
>
> The only problem I see in defining such an attribute is that its
> syntax should allow the value of any syntax, so it should probably be
> octetString or something like that.

I think the AD document I reference explains that only some attributes
can be an RDN, so it limits them to those with a Unicode string
representation I suppose.

There is another attribute that follows the 'type' of RDN btw (never
seen it used, but it's in the docs).

> From the implementation point of view, what operations should it be
> used for?  If you only need it to be returned with searches, and to be
> compared, then the implementation would be trivial (it could be
> dynamically generated, much like entryDN, as far as I can tell).  If
> you need to search for it, namely use it in a filter, then it might be
> better to store it in the database.  This would require to handle add
> and modrdn, forbid modify, and nothing else.

Like entryDN, we need to be able to search on it, so it should probably
be persistent.

Andrew Bartlett

Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
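
The stored-attribute option discussed in this thread, sketched as an added example (not code from the thread, OpenLDAP or Samba): 'name' is derived from the leftmost RDN on add and modrdn, is multi-valued for a multi-valued RDN, cannot be written by modify, and can be used in a search. The `Directory` class and its method names are hypothetical, and DNs are assumed to be RFC 4514 strings without the `#` hex form or legacy quoting.

```python
# Added illustration: Directory and its methods are hypothetical, not OpenLDAP or Samba code.
import re

def _split(s, sep):
    """Split on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" else 1   # keep an escape pair together
        if step == 1 and s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i:i + step]
        i += step
    return parts + [cur]

def _unescape(value):
    """Decode \\XX hex pairs and \\<char> escapes into a unicode string."""
    out = re.sub(rb"\\([0-9A-Fa-f]{2})|\\(.)",
                 lambda m: bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2),
                 value.encode("utf-8"), flags=re.S)
    return out.decode("utf-8")

def rdn_values(dn):
    """Return the value of each AVA in the leftmost RDN of dn."""
    return [_unescape(ava.partition("=")[2]) for ava in _split(_split(dn, ",")[0], "+")]

class Directory:
    """Toy store that persists 'name' so it can be used in a search filter."""
    def __init__(self):
        self.entries = {}

    def add(self, dn, attrs):
        if "name" in attrs:
            raise ValueError("'name' is maintained by the server")
        self.entries[dn] = dict(attrs, name=rdn_values(dn))

    def modrdn(self, dn, new_rdn):
        new_dn = ",".join([new_rdn] + _split(dn, ",")[1:])
        self.entries[new_dn] = dict(self.entries.pop(dn), name=rdn_values(new_dn))
        return new_dn

    def modify(self, dn, changes):
        if "name" in changes:
            raise ValueError("'name' may only change through modrdn")
        self.entries[dn].update(changes)

    def search_by_name(self, value):
        return sorted(dn for dn, e in self.entries.items() if value in e["name"])
```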
