Attachment 5427 Details for Bug 7186 – option ldapsam:ignoreGroupDisplayName

[patch] option ldapsam:ignoreGroupDisplayName

samba-3.4.6-ignore-group-displayname.diff (text/plain), 5.36 KB, created by Carsten Dumke on 2010-02-26 07:45:34 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Carsten Dumke

Created: 2010-02-26 07:45:34 UTC

Size: 5.36 KB

patch

obsolete

>diff -Nurbd samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html
>--- samba-3.4.6.orig/docs/htmldocs/manpages/smb.conf.5.html	2010-02-22 16:30:12.000000000 +0100
>+++ samba-3.4.6/docs/htmldocs/manpages/smb.conf.5.html	2010-02-26 14:11:29.000000000 +0100
>@@ -2998,6 +2998,22 @@
> </em></span>
> </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2547529"></a>
> 
>+ldapsam:ignoreGroupDisplayName (G)
>+</h3></div></div></div><a class="indexterm" name="id2553511"></a><a name="LDAPSAM:IGNOREGROUPDISPLAYNAME"></a><div class="variablelist"><dl><dt></dt><dd><p>
>+	By default, Samba as a Domain Controller with a LDAP backend reads the
>+	name of a group from the displayName attribute and if this
>+	attribute is not set from attribute cn. For some setups this
>+	behavior is undesirable or not feasible.
>+	</p><p>
>+	To make Samba always us the cn attribute, the <a class="link"
>+	href="smb.conf.5.html#LDAPSAM:IGNOREGROUPDISPLAYNAME"
>+	target="_top">ldapsam:ignoreGroupDisplayName = yes</a>
>+	option forces the displayName attribute to be ignored.
>+	</p><p>Default: <span class="emphasis"><em><em
>+class="parameter"><code>ldapsam:ignoreGroupDisplayName</code></em> = <code class="literal">no</code>
>+</em></span>
>+</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2545564"></a>
>+
> ldapsam:trusted (G)
> </h3></div></div></div><a class="indexterm" name="id2547530"></a><a name="LDAPSAM:TRUSTED"></a><div class="variablelist"><dl><dt></dt><dd><p>
> 	By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
>diff -Nurbd samba-3.4.6.orig/docs/manpages/smb.conf.5 samba-3.4.6/docs/manpages/smb.conf.5
>--- samba-3.4.6.orig/docs/manpages/smb.conf.5	2010-02-22 16:30:12.000000000 +0100
>+++ samba-3.4.6/docs/manpages/smb.conf.5	2010-02-26 14:11:29.000000000 +0100
>@@ -5062,6 +5062,20 @@
> \fI\fIldapsam:editposix\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
> .RE
> 
>+ldapsam:ignoreGroupDisplayName (G)
>+.\" ldapsam:ignoreGroupDisplayName
>+.PP
>+.RS 4
>+By default, Samba as a Domain Controller with a LDAP backend reads the name of a group from the displayName attribute and if this attribute is not set from attribute cn\&. For some setups this behavior is undesirable or not feasible\&.
>+.sp
>+To make Samba always us the cn attribute, the
>+\m[blue]\fBldapsam:ignoreGroupDisplayName = yes\fR\m[]
>+option forces the displayName attribute to be ignored\&.
>+.sp
>+Default:
>+\fI\fIldapsam:ignoreGroupDisplayName\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
>+.RE
>+
> ldapsam:trusted (G)
> .\" ldapsam:trusted
> .PP
>diff -Nurbd samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml
>--- samba-3.4.6.orig/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml	1970-01-01 01:00:00.000000000 +0100
>+++ samba-3.4.6/docs-xml/smbdotconf/ldap/ldapsamignoregroupdisplayname.xml	2010-02-26 14:11:29.000000000 +0100
>@@ -0,0 +1,23 @@
>+<samba:parameter name="ldapsam:ignoreGroupDisplayName"
>+	context="G"
>+	type="string"
>+		 advanced="1" developer="0"
>+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
>+<description>
>+
>+	<para>
>+	By default, Samba as a Domain Controller with a LDAP backend reads the
>+	name of a group from the displayName attribute and if this
>+	attribute is not set from attribute cn. For some setups this
>+	behavior is undesirable or not feasible.
>+	</para>
>+
>+	<para>
>+	To make Samba always us the cn attribute, the <smbconfoption
>+	name="ldapsam:ignoreGroupDisplayName">yes</smbconfoption>
>+	option forces the displayName attribute to be ignored.
>+	</para>
>+
>+</description>
>+<value type="default">no</value>
>+</samba:parameter>
>diff -Nurbd samba-3.4.6.orig/source3/passdb/pdb_ldap.c samba-3.4.6/source3/passdb/pdb_ldap.c
>--- samba-3.4.6.orig/source3/passdb/pdb_ldap.c	2010-02-23 10:35:42.000000000 +0100
>+++ samba-3.4.6/source3/passdb/pdb_ldap.c	2010-02-26 14:11:29.000000000 +0100
>@@ -2484,7 +2484,8 @@
> 			get_attr_key2string(groupmap_attr_list,
> 				LDAP_ATTR_DISPLAY_NAME),
> 			ctx);
>-	if (!temp) {
>+	if ((!temp)
>+	    || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
> 		temp = smbldap_talloc_single_attribute(
> 				ldap_state->smbldap_state->ldap_struct,
> 				entry,
>@@ -4261,9 +4262,15 @@
> 
> 		attr = smbldap_talloc_single_attribute(ld, entry, "displayName", names);
> 
>-		if (attr == NULL) {
>+		if ((attr == NULL)
>+		    || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
>+			if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
>+				DEBUG(10, ("'displayName' attribute ignored\n"));
>+			}
>+			else {
> 			DEBUG(10, ("Could not retrieve 'displayName' attribute from %s\n",
> 				   dn));
>+			}
> 			attr = smbldap_talloc_single_attribute(ld, entry, "cn", names);
> 		}
> 
>@@ -4708,8 +4715,14 @@
> 	/* display name is the NT group name */
> 
> 	vals = ldap_get_values(ld, entry, "displayName");
>-	if ((vals == NULL) || (vals[0] == NULL)) {
>+	if ((vals == NULL) || (vals[0] == NULL)
>+	    || lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
>+		if (lp_parm_bool(-1, "ldapsam", "ignoreGroupDisplayName", False)) {
>+			DEBUG(8, ("\"displayName\" ignored\n"));
>+		}
>+		else {
> 		DEBUG(8, ("\"displayName\" not found\n"));
>+		}
> 
> 		/* fallback to the 'cn' attribute */
> 		vals = ldap_get_values(ld, entry, "cn");

Actions: View

Attachments on bug 7186: 5427