Hi,
these two patches make the use of the ldap_search_base option optional and should fix ticket #558.
bye, Sumit
On Tue, Nov 02, 2010 at 10:57:23AM +0100, Sumit Bose wrote:
Hi,
these two patches make the use of the ldap_search_base option optional and should fix ticket #558.
bye, Sumit
selfNACK to the old version. On IRC Simo mentioned that it might be useful to check defaultNamingContext, too. This attribute is e.g. used by Active Directoy where namingContexts has multiple values be default.
We also discussed what we can do if there is no defaultNamingContext and namingContexts has multiple values. I think we cannot do anything in this case, because there is no ordering in the attributes. If e.g. we choose always the first we might use a different value at each restart.
New patches are attached which check defaultNamingContext first and use namingContexts otherwise.
bye, Sumit
On Tue, 2 Nov 2010 22:39:45 +0100 Sumit Bose sbose@redhat.com wrote:
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 8c38ca7..2071eb4 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -76,6 +76,13 @@ The default base DN to use for performing LDAP user operations. </para>
<para>Default: If not set the value of thenamingContexts
attribute from the RootDSE of the LDAPserver is
used. The namingContexts attribute musthave a
single value with the DN of the searchbase of the
LDAP server to make this work.</para> </listitem> </varlistentry>@@ -1045,7 +1052,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>@@ -1059,7 +1068,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>@@ -1073,7 +1084,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>
NACK, with the change to support defaultNamingContext, these explanations are not correct anymore.
Simo.
On Wed, Nov 03, 2010 at 08:48:21AM -0400, Simo Sorce wrote:
On Tue, 2 Nov 2010 22:39:45 +0100 Sumit Bose sbose@redhat.com wrote:
....
memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>NACK, with the change to support defaultNamingContext, these explanations are not correct anymore.
Thanks for catching this. New versions attached.
bye, Sumit
Simo.
-- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/03/2010 09:19 AM, Sumit Bose wrote:
On Wed, Nov 03, 2010 at 08:48:21AM -0400, Simo Sorce wrote:
On Tue, 2 Nov 2010 22:39:45 +0100 Sumit Bose sbose@redhat.com wrote:
....
memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>NACK, with the change to support defaultNamingContext, these explanations are not correct anymore.
Thanks for catching this. New versions attached.
Nack. Please clean up the tabs in sdap_get_rootdse_send() for the attrs[] list.
Please use a different loop-control variable than "o" in sdap_set_config_options_with_rootdse(). It's difficult to differentiate at a glance between search_base_options[o] and search_base_options[0].
It's probably less confusing to leave the ldap_*_search_base manpage entries saying that they default to the value of ldap_search_base. Reading the manpage entry for that option will provide all of the necessary information.
Right now, the way these specific options read is ambiguous (does it use ldap_search_base, namingContexts or defaultNamingContexts?).
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Thu, Nov 04, 2010 at 01:42:31PM -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/03/2010 09:19 AM, Sumit Bose wrote:
On Wed, Nov 03, 2010 at 08:48:21AM -0400, Simo Sorce wrote:
On Tue, 2 Nov 2010 22:39:45 +0100 Sumit Bose sbose@redhat.com wrote:
....
memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of
<emphasis>ldap_search_base</emphasis>
<emphasis>ldap_search_base</emphasis> orthe value
of the namingContexts attribute of theRootDSE of the
LDAP server. </para> </listitem> </varlistentry>NACK, with the change to support defaultNamingContext, these explanations are not correct anymore.
Thanks for catching this. New versions attached.
Nack. Please clean up the tabs in sdap_get_rootdse_send() for the attrs[] list.
Please use a different loop-control variable than "o" in sdap_set_config_options_with_rootdse(). It's difficult to differentiate at a glance between search_base_options[o] and search_base_options[0].
It's probably less confusing to leave the ldap_*_search_base manpage entries saying that they default to the value of ldap_search_base. Reading the manpage entry for that option will provide all of the necessary information.
Right now, the way these specific options read is ambiguous (does it use ldap_search_base, namingContexts or defaultNamingContexts?).
I think you have already pushed the patches accidentally. Please find attached a patch which adds your comments.
bye, Sumit
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzS8IcACgkQeiVVYja6o6PkZQCgqtUzQyYXEqSdtl7gbl8V1AZq T6sAoJGa80W5gnKrtbuwNmR6Yxtv99nh =fjKc -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/05/2010 07:23 AM, sbose@redhat.com wrote:
I think you have already pushed the patches accidentally. Please find attached a patch which adds your comments.
Ugh, I can't believe I did that. At least none of the comments affected functionality...
Anyway, ack to your changes.
Pushed to master.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org
-
Simo Sorce -
Stephen Gallagher -
Sumit Bose