Andrew Bartlett wrote:
I can un-hide it for Samba (I have code that adds a list of attributes to any query for *), but I just wanted to check there wasn't a more elegant way to do it.
The only alternative I see consists in moving the addition of "memberOf" to the list of attrs when it's empty, or '*' is present and either '+' or 'extensibleObject' are absent, into slapd (again, using an overlay).
If you're only interested in certain attributes you should not use * anyway, since this would also return binary attributes like jpegPhoto and userCertificate, which are likely not of much use for Samba, are they?
The problem is not Samba4, but Samba4's clients. See, Samba4 is an LDAP proxy in this situation, and has a role simply to try and make OpenLDAP look more like AD than it does at present.
Samba4's clients are written expecting AD's behaviour, and while I might hope that they would explicitly request the attributes they need, if I can make such mistakes in my test scripts, so can they...
The addition of this feature is (almost) trivial. So the decision should be based on:

- should this "feature" be exposed to all users, or
- should it be exposed only to users using samba4 as proxy?

I'll code it anyway (not now, perhaps later today) and let you decide after experimenting.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it