On Fri, 2008-01-11 at 10:04 +0100, Michael StrÃder wrote: > Andrew Bartlett wrote: > > One of the odd things I've noticed since moving to OpenLDAP managing > > memberOf is that memberOf is a hidden attribute by default. Is that > > because it is treated as operational (due to being managed by the > > module)? > > Operational attributes are not returned when using * as attribute list. > But they are returned when using +. So use *,+ for fetching all attrs. > See also http://www.ietf.org/rfc/rfc3673.txt. > > > I can un-hide it for Samba (I have code that adds a list of attributes > > to any query for *), but I just wanted to check there wasn't a more > > elegant way to do it. > > If you're only interested in certain attributes you should not use * > anyway since this would return also binary attributes like jpegPhoto and > userCertificate which likely are of not much use for Samba, are they? The problem is not Samba4, but Samba4's clients. See, Samba4 is an LDAP proxy in this situation, and has a role simply to try and make OpenLDAP look more like AD than it does at present. Samba4's clients are written expecting AD's behaviour, and while I might hope that they would explicitly request the attributes they need, if I can make such mistakes in my test scripts, so can they... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part