Bug 6493 - Create LDAP referrals on onelevel/subtree searches to subpartitions
Summary: Create LDAP referrals on onelevel/subtree searches to subpartitions
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P3 minor (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Depends on:
Reported: 2009-06-22 14:17 UTC by Matthias Dieter Wallnöfer
Modified: 2010-02-25 02:53 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Dieter Wallnöfer 2009-06-22 14:17:35 UTC
At the moment we don't honour subtrees on other partitions on search lookups. Only explicit lookups (I think with explicit basedn) find them. Examples: CN=Schema,CN=Configuration,<BASEDN> under CN=Configuration,<BASEDN> and CN=Configuration,<BASEDN> under <BASEDN>.
Comment 1 Andrew Bartlett 2009-06-29 00:57:55 UTC
Is this any different on Windows 2008?

This bug appears to be a feature - indeed, a subtree search (without the search options control) will only search one partition.  

The only bug I can see in this area is that in this circumstance, we don't return the head of the next partition (sort of like the mount point) in the results (we should). 
Comment 2 Matthias Dieter Wallnöfer 2009-06-29 08:06:07 UTC
Exactly (...return the head of the next partition...) that I wanted to say.
Comment 3 Andrew Bartlett 2009-11-23 22:31:47 UTC
Further tests have shown we should not return the head of the next partition.  

Unless you can explain in more detail how we differ, I'll call this invalid
Comment 4 Matthias Dieter Wallnöfer 2009-11-24 11:37:29 UTC
I was too vague with my argumentation.

1.) Take a normal Windows Server AD
2.) Open the domain in a normal LDAP Browser (I use for example LDAP Admin, but also Luma, GQ ... should work) or do a LDAP search

You find a reference to "CN=Configuration" - and if you open it, you find also one to "CN=Schema" -> that means, per default there are some types of referrals generated and returned

Instead, if you open e.g. ADUC you can't find them. I think this behaviour works with a special AD control.
Comment 5 Matthias Dieter Wallnöfer 2010-02-25 02:53:57 UTC
Fixed with my work regarding referrals.