diff -Nurbd samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html
--- samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html 2010-02-22 16:30:12.000000000 +0100
+++ samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html 2010-02-26 14:11:29.000000000 +0100
@@ -2998,6 +2998,22 @@

+ldapsam:ignoreGroupDisplayName (G) +

+ By default, Samba as a Domain Controller with a LDAP backend reads the + name of a group from the displayName attribute and if this + attribute is not set from attribute cn. For some setups this + behavior is undesirable or not feasible. +

+ To make Samba always us the cn attribute, the ldapsam:ignoreGroupDisplayName = yes + option forces the displayName attribute to be ignored. +

Default: ldapsam:ignoreGroupDisplayName = no + +

+ ldapsam:trusted (G)

By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
diff -Nurbd samba-3.4.6.orig/docs/manpages/smb.conf.5 samba-3.4.6/docs/manpages/smb.conf.5
--- samba-3.4.6.orig/docs/manpages/smb.conf.5 2010-02-22 16:30:12.000000000 +0100
+++ samba-3.4.6/docs/manpages/smb.conf.5 2010-02-26 14:11:29.000000000 +0100
@@ -5062,6 +5062,20 @@
 \fI\fIldapsam:editposix\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR .RE +ldapsam:ignoreGroupDisplayName (G) +.\" ldapsam:ignoreGroupDisplayName +.PP +.RS 4 +By default, Samba as a Domain Controller with a LDAP backend reads the name of a group from the displayName attribute and if this attribute is not set from attribute cn\&. For some setups this behavior is undesirable or not feasible\&. +.sp +To make Samba always us the cn attribute, the +\m[blue]\fBldapsam:ignoreGroupDisplayName = yes\fR\m[] +option forces the displayName attribute to be ignored\&. +.sp +Default: +\fI\fIldapsam:ignoreGroupDisplayName\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR +.RE + ldapsam:trusted (G) .\" ldapsam:trusted .PP
diff -Nurbd samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml
--- samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml 1970-01-01 01:00:00.000000000 +0100
+++ samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml 2010-02-26 14:11:29.000000000 +0100
@@ -0,0 +1,23 @@
+ + + + + By default, Samba as a Domain Controller with a LDAP backend reads the + name of a group from the displayName attribute and if this + attribute is not set from attribute cn. For some setups this + behavior is undesirable or not feasible. + + + + To make Samba always us the cn attribute, the yes + option forces the displayName attribute to be ignored. + + + +no +
diff -Nurbd samba-3.4.6.orig/source3/passdb/pdb_ldap.c samba-3.4.6/source3/passdb/pdb_ldap.c
--- samba-3.4.6.orig/source3/passdb/pdb_ldap.c 2010-02-23 10:35:42.000000000 +0100
+++ samba-3.4.6/source3/passdb/pdb_ldap.c 2010-02-26 14:11:29.000000000 +0100
@@ -2484,7 +2484,8 @@
 get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), ctx);
- if (!temp) {
+ if ((!temp)
+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
 temp = smbldap_talloc_single_attribute( ldap_state->smbldap_state->ldap_struct, entry,
@@ -4261,9 +4262,15 @@
 attr = smbldap_talloc_single_attribute(ld, entry, "displayName", names);
- if (attr == NULL) {
+ if ((attr == NULL)
+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
+ if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
+ DEBUG(10, ("'displayName' attribute ignored\n"));
+ }
+ else {
 DEBUG(10, ("Could not retrieve 'displayName' attribute from %s\n", dn));
+ }
 attr = smbldap_talloc_single_attribute(ld, entry, "cn", names); }
@@ -4708,8 +4715,14 @@
 /* display name is the NT group name */ vals = ldap_get_values(ld, entry, "displayName");
- if ((vals == NULL) || (vals[0] == NULL)) {
+ if ((vals == NULL) || (vals[0] == NULL)
+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
+ if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
+ DEBUG(8, ("\"displayName\" ignored\n"));
+ }
+ else {
 DEBUG(8, ("\"displayName\" not found\n"));
+ }
 /* fallback to the 'cn' attribute */ vals = ldap_get_values(ld, entry, "cn");
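Review bot: When `ldapsam:ignoreGroupDisplayName` is set, the displayName value is still fetched into `temp` just above the -2484 hunk and then overwritten by the `cn` lookup; the -4261 hunk does the same with `attr`. Both values come from `smbldap_talloc_single_attribute`, so the discarded string presumably stays attached to its talloc context (`ctx`, `names`) until that context is freed. Reading the option once, e.g. `bool ignore_dn = lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False);`, and guarding the displayName lookup with `if (!ignore_dn)` would avoid the wasted fetch and the second `lp_parm_bool` call the later hunks make for the debug message. Only three read paths are changed here; whether name-based group search filters elsewhere in pdb_ldap.c still match on displayName is not visible and is worth checking, since a group listed by `cn` but looked up by displayName would resolve inconsistently. The enclosing functions begin and end outside the hunks.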
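Review bot: In the -4708 hunk, with the option enabled and displayName present, the array returned by `ldap_get_values(ld, entry, "displayName")` is non-NULL when the new branch overwrites `vals` with the `cn` result, and nothing in the visible lines releases it, so each such entry leaks one value array. Before the reassignment add `if (vals != NULL) ldap_value_free(vals);`, or skip the displayName call entirely when the option is set. On a domain controller this path presumably runs once per group during enumeration, so the leak would grow with directory size and query volume. The function continues past the end of the hunk, so a later free of the final `vals` is not visible here.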