Bug 7186 - Option to ignore displayName attribute for LDAP-groups
Summary: Option to ignore displayName attribute for LDAP-groups
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: User & Group Accounts (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 enhancement
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-26 07:42 UTC by Carsten Dumke
Modified: 2011-05-31 20:18 UTC (History)
1 user (show)

See Also:

Attachments
option ldapsam:ignoreGroupDisplayName (5.36 KB, patch)
2010-02-26 07:45 UTC, Carsten Dumke 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Dumke 2010-02-26 07:42:21 UTC 
By default, Samba as a Domain Controller with a LDAP backend reads the
name of a group from the displayName attribute and if this
attribute is not set from attribute cn. For some setups this
behavior is undesirable or not feasible (i.e. one would like
to ignore the displayname-content and always use the cn-attribute).

To make Samba always us the cn attribute, I suggest to add the option "ldapsam:ignoreGroupDisplayName" (values: yes/no) to Samba.
Set to "yes" this option should forces the displayName attribute of groups
to be ignored.

A patch implementing this option follows.
Comment 1 Carsten Dumke 2010-02-26 07:45:34 UTC 
Created attachment 5427 [details]
option ldapsam:ignoreGroupDisplayName

My patch implements the option "ldapsam:ignoreGroupDisplayName" (samba-3.4.6).
Comment 2 Karolin Seeger 2010-03-08 04:47:45 UTC 
Raising product as enhancements won't be added to 3.4, but for upcoming 3.6.
Comment 3 Björn Jacke 2011-05-31 20:18:23 UTC 
the goal looks reasonable but it looks like the logic of the patch about when to pull the cn and when to pull the displayname attribute needs some rework.