From 14c4c2c735d6b263d167bf5255fcf60de2c91110 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 11 Feb 2010 15:42:48 +0100 Subject: ldb_match - Ignore ":dn" part of extended matches for now It's not fully clear what this ":dn" part means for us. What we know is that older AD implementations (Windows Server 2000, 2003) need it to have extended matches working in the expected way. To be able to interoperate with s3's winbind and other tools I and gd decided to transform this into a warning until we know what to do. This should fix bug #6511. --- source4/lib/ldb/common/ldb_match.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/lib') diff --git a/source4/lib/ldb/common/ldb_match.c b/source4/lib/ldb/common/ldb_match.c index f639effc96..4bd121a438 100644 --- a/source4/lib/ldb/common/ldb_match.c +++ b/source4/lib/ldb/common/ldb_match.c @@ -316,8 +316,11 @@ static int ldb_match_extended(struct ldb_context *ldb, struct ldb_message_element *el; if (tree->u.extended.dnAttributes) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: dnAttributes extended match not supported yet"); - return -1; + /* FIXME: We really need to find out what this ":dn" part in + * an extended match means and how to handle it. For now print + * only a warning to have s3 winbind and other tools working + * against us. - Matthias */ + ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet"); } if (tree->u.extended.rule_id == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet"); -- cgit