The Samba-Bugzilla – Attachment 5427 Details for
Bug 7186
Option to ignore displayName attribute for LDAP-groups
[patch]
option ldapsam:ignoreGroupDisplayName
samba-3.4.6-ignore-group-displayname.diff (text/plain), 5.36 KB, created by
Carsten Dumke
on 2010-02-26 07:45:34 UTC
>diff -Nurbd samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html >--- samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html 2010-02-22 16:30:12.000000000 +0100 >+++ samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html 2010-02-26 14:11:29.000000000 +0100 
>@@ -2998,6 +2998,22 @@ > </em></span> > </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547529"></a> > >+ldapsam:ignoreGroupDisplayName (G) >+</h3></div></div></div><a class="indexterm" name="id2553511"></a><a name="LDAPSAM:IGNOREGROUPDISPLAYNAME"></a><div class="variablelist"><dl><dt></dt><dd><p> >+ By default, Samba as a Domain Controller with a LDAP backend reads the >+ name of a group from the displayName attribute and if this >+ attribute is not set from attribute cn. For some setups this >+ behavior is undesirable or not feasible. >+ </p><p> >+ To make Samba always us the cn attribute, the <a class="link" >+ href="smb.conf.5.html#LDAPSAM:IGNOREGROUPDISPLAYNAME" >+ target="_top">ldapsam:ignoreGroupDisplayName = yes</a> >+ option forces the displayName attribute to be ignored. >+ </p><p>Default: <span class="emphasis"><em><em >+class="parameter"><code>ldapsam:ignoreGroupDisplayName</code></em> = <code class="literal">no</code> >+</em></span> >+</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545564"></a> >+ > ldapsam:trusted (G) > </h3></div></div></div><a class="indexterm" name="id2547530"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p> > By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to >diff -Nurbd samba-3.4.6.orig/docs/manpages/smb.conf.5 samba-3.4.6/docs/manpages/smb.conf.5 >--- samba-3.4.6.orig/docs/manpages/smb.conf.5 2010-02-22 16:30:12.000000000 +0100 >+++ samba-3.4.6/docs/manpages/smb.conf.5 2010-02-26 14:11:29.000000000 +0100 
>@@ -5062,6 +5062,20 @@ > \fI\fIldapsam:editposix\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR > .RE > >+ldapsam:ignoreGroupDisplayName (G) >+.\" ldapsam:ignoreGroupDisplayName >+.PP >+.RS 4 >+By default, Samba as a Domain Controller with a LDAP backend reads the name of a group from the displayName attribute and if this attribute is not set from attribute cn\&. For some setups this behavior is undesirable or not feasible\&. >+.sp >+To make Samba always us the cn attribute, the >+\m[blue]\fBldapsam:ignoreGroupDisplayName = yes\fR\m[] >+option forces the displayName attribute to be ignored\&. >+.sp >+Default: >+\fI\fIldapsam:ignoreGroupDisplayName\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR >+.RE >+ > ldapsam:trusted (G) > .\" ldapsam:trusted > .PP >diff -Nurbd samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml >--- samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml 1970-01-01 01:00:00.000000000 +0100 >+++ samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml 2010-02-26 14:11:29.000000000 +0100 
>@@ -0,0 +1,23 @@ >+<samba:parameter name="ldapsam:ignoreGroupDisplayName" >+ context="G" >+ type="string" >+ advanced="1" developer="0" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ >+ <para> >+ By default, Samba as a Domain Controller with a LDAP backend reads the >+ name of a group from the displayName attribute and if this >+ attribute is not set from attribute cn. For some setups this >+ behavior is undesirable or not feasible. >+ </para> >+ >+ <para> >+ To make Samba always us the cn attribute, the <smbconfoption >+ name="ldapsam:ignoreGroupDisplayName">yes</smbconfoption> >+ option forces the displayName attribute to be ignored. >+ </para> >+ >+</description> >+<value type="default">no</value> >+</samba:parameter> >diff -Nurbd samba-3.4.6.orig/source3/passdb/pdb_ldap.c samba-3.4.6/source3/passdb/pdb_ldap.c >--- samba-3.4.6.orig/source3/passdb/pdb_ldap.c 2010-02-23 10:35:42.000000000 +0100 >+++ samba-3.4.6/source3/passdb/pdb_ldap.c 2010-02-26 14:11:29.000000000 +0100 >@@ -2484,7 +2484,8 @@ > get_attr_key2string(groupmap_attr_list, > LDAP_ATTR_DISPLAY_NAME), > ctx); >- if (!temp) { >+ if ((!temp) >+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) { > temp = smbldap_talloc_single_attribute( > ldap_state->smbldap_state->ldap_struct, > entry, >@@ -4261,9 +4262,15 @@ > > attr = smbldap_talloc_single_attribute(ld, entry, "displayName", names); > >- if (attr == NULL) { >+ if ((attr == NULL) >+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) { >+ if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) { >+ DEBUG(10, ("'displayName' attribute ignored\n")); >+ } >+ else { > DEBUG(10, ("Could not retrieve 'displayName' attribute from %s\n", > dn)); >+ } > attr = smbldap_talloc_single_attribute(ld, entry, "cn", names); > } 
> >@@ -4708,8 +4715,14 @@ > /* display name is the NT group name */ > > vals = ldap_get_values(ld, entry, "displayName"); >- if ((vals == NULL) || (vals[0] == NULL)) { >+ if ((vals == NULL) || (vals[0] == NULL) >+ || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) { >+ if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) { >+ DEBUG(8, ("\"displayName\" ignored\n")); >+ } >+ else { > DEBUG(8, ("\"displayName\" not found\n")); >+ } > > /* fallback to the 'cn' attribute */ > vals = ldap_get_values(ld, entry, "cn");
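Review bot: in the smb.conf.5.html hunk (@@ -2998,6 +2998,22 @@), the added paragraph reads "To make Samba always us the cn attribute", where "us" should be "use". It also says "a LDAP backend" while the neighbouring ldapsam:trusted entry says "an LDAP backend". The same wording recurs in the smb.conf.5 and docs-xml hunks, so the fix is needed in all three copies of the text.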
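Review bot: in the new ldapsamignoregroupdisplayname.xml (@@ -0,0 +1,23 @@), the parameter is declared with type="string", but every reader in pdb_ldap.c parses it with lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False) and the documented default is "no". A boolean type would describe the option as it is actually consumed, and the description should state that only yes/no values are meaningful.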
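Review bot: in the pdb_ldap.c hunk at @@ -2484,7 +2484,8 @@, the option is tested only after the LDAP_ATTR_DISPLAY_NAME lookup has already filled temp, so with the option enabled and displayName present the first result is overwritten by the following smbldap_talloc_single_attribute call and, judging by the ctx argument, stays allocated on ctx until that context is freed. Evaluate lp_parm_bool first and skip the displayName lookup when it returns true, so the ignored attribute is never fetched at all.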
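Review bot: in the pdb_ldap.c hunk at @@ -4261,9 +4262,15 @@, lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False) is evaluated twice, once in the condition and again to choose the DEBUG message, and the existing "Could not retrieve 'displayName' attribute" DEBUG call keeps its old indentation inside the new else block. Read the option once into a local bool at the top of the function, branch on it before the displayName lookup so attr is not assigned and then replaced, and re-indent the statement that moved into the else.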
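Review bot: in the pdb_ldap.c hunk at @@ -4708,8 +4715,14 @@, when the option is set and displayName exists, vals returned by ldap_get_values(ld, entry, "displayName") is non-NULL and is then overwritten by ldap_get_values(ld, entry, "cn") with no ldap_value_free(vals) in between, so the first array leaks each time this path runs. Check the option before issuing the displayName query, or free vals before the cn fallback.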