"Shahms E. King" wrote: > > > One problem we uncovered is that the backend needs to convert all strings > > stored in LDAP to/from UTF-8. This mainly affects users real names which > > look quite borked if they contain non 7bit ASCII chars. Some LDAP servers > > will let you use any charset but OpenLDAP likes to enforce UTF-8 (also the > > LDAPv3 standard mandates it). > > Well, that's what I get for living in the US, i18n bugs don't tend to > bite me in the butt.
Yes, we have a patch in the works to do this for the ADS LDAP code, and once that is in I'll look at how to merge it for pdb_ldap. > > Binding to the LDAP server with v3 of the protocol would be nice, since v2 > > is deprecated in OpenLDAP v2.1 (OK, so v2.1 isn't ready for prime time > > yet, but it's still nice to get it done). > > We do bind in v3 if it's supported, otherwise we fall back to v2 (or at > least, we used to, but I'm pretty sure it hasn't changed.) > > > Sane defaults need to be added for optional attributes, for example > > pwdMustChange ought to be never if it's not present in the users > > record. > > This sounds suspiciously like the (more serious) rid issues that > happened a while ago, but I don't think it should be something that is > too difficult to fix; then again, I haven't looked at pdb_ldap.c in a > while. This is fixed in HEAD, and has been for a fair while. Attributes not present revert to defaults, and are not resaved. > > My question is if anyone is actively working on the LDAP backend and if > > the above problems will be fixed soon. Else I will start working on it > > myself and submit some patches. > > I don't know about the other contributors, but I personally am no longer > actively working on it. I do, however, maintain an active interest in > it, and if I'm mistaken about binding with version 3, that is something > I will address. I am, however, woefully lacking knowledge about > character set conversions at the moment, so if you would care to take > care of those issues I (and the rest of the non-English speaking, LDAP > and Samba using world) would be grateful. I maintain pdb_ldap in HEAD, as I use it at my site. (It was a the subject of a mildly hostile takeover earlier this year, along with the rest of the passdb subsystem ;-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
