Bug 6717 - Option to disable following LDAP refs
Summary: Option to disable following LDAP refs
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Domain Control
Version: unspecified
Hardware: All Linux
Importance: P3 enhancement
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-09-13 08:10 UTC by Jan Engelhardt
Modified: 2009-10-26 06:15 UTC

Patch for selectively disabling LDAP referral following (2.68 KB, text/plain)
2009-09-13 08:11 UTC, Jan Engelhardt
Revised patch with doc (4.28 KB, text/plain)
2009-09-15 17:14 UTC, Jan Engelhardt

Description Jan Engelhardt 2009-09-13 08:10:35 UTC
Patch below.
Comment 1 Jan Engelhardt 2009-09-13 08:11:04 UTC
Created attachment 4687
Patch for selectively disabling LDAP referral following
Comment 2 Volker Lendecke 2009-09-13 10:14:16 UTC
Looks good, thanks. Two comments: In Samba, we always use {} in if-statements, even if there's only a single statement inside. And, can you please also provide a manpage entry for that parameter? See docs-xml/smbdotconf for examples.


Comment 3 Karolin Seeger 2009-09-15 02:34:08 UTC
As this patch adds a new parameter, it won't be added in a stable release branch. That means that it will be in Samba 3.5, not in 3.2, 3.3 or 3.4.
Raising Product number.

Please provide the manpage entry also and then we could pick that for 3.5.

Thanks a lot!
Comment 4 Björn Jacke 2009-09-15 12:16:58 UTC
Jan, can you please tell the use case for this option?
Comment 5 Jan Engelhardt 2009-09-15 14:11:56 UTC

smbd would exit with a trace whenever it sees the same user on two different DNs. We happen to have an LDAP referral somewhere below ou=asterisk,o=ourorg to ou=users,o=ourorg so that asterisk can search the posixAccounts in "its" subtree, but since smbd has to practically search below o=ourorg instead of just the defined ou=(users,group,machines),o=ourorg, it is required to deactivate following LDAP referrals. Suboptimal, but I can't change it.
Comment 6 Volker Lendecke 2009-09-15 14:46:40 UTC
As I said, it does make sense to have this option. Please add a manpage and the small change I requested. After that from my point of view it can go into master.

Comment 7 Jan Engelhardt 2009-09-15 17:14:40 UTC
Created attachment 4701
Revised patch with doc

New patch with manpage entry. Also pullable from
  git://dev.medozas.de/samba  master
Comment 8 Karolin Seeger 2009-10-12 03:56:45 UTC
Volker, is a review of the new patch needed?
Can I push the patch to master and v3-5-test?
Comment 9 Karolin Seeger 2009-10-12 05:57:25 UTC
Pushed the patch + an additional build fix (prototype declaration) to master and v3-5-test. Will be included in 3.5.0.
Closing out bug report.

Thanks for providing the patch! :-)

Comment 10 Karolin Seeger 2009-10-26 06:15:54 UTC
Please note that this parameter has been renamed to "ldap follow referral".