Storing entries in several levels

[Jose Gonzalez Gomez <jgonzalez@opentechnet.com>]

    Hi there,

    I'm testing heimdal for use in an authentication server, and I have 
integrated it with OpenLDAP. I would like to have the possibility of 
storing kerberos principals in several levels of the directory, not just 
one plain level containing all the principals. Heimdal right now (at 
least the version tested, 0.6.2) doesn't support this, so I modified the 
sources to have this functionality. Here is the patch:

--- lib/hdb/hdb-ldap.c.orig	2004-07-30 10:50:38.883167858 +0200
+++ lib/hdb/hdb-ldap.c	2004-07-30 10:52:18.101664881 +0200
@@ -585,7 +585,7 @@
 	goto out;
     }
 
-    rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter, 
+    rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_SUBTREE, filter, 
 		       krb5kdcentry_attrs, 0, msg);
     if (rc != LDAP_SUCCESS) {
 	krb5_set_error_string(context, "ldap_search_s: %s", ldap_err2string(rc));
@@ -931,7 +931,7 @@
     }
 
     msgid = ldap_search((LDAP *) db->db, db->name,
-			LDAP_SCOPE_ONELEVEL, "(objectclass=krb5KDCEntry)",
+			LDAP_SCOPE_SUBTREE, "(objectclass=krb5KDCEntry)",
 			krb5kdcentry_attrs, 0);
     if (msgid < 0) {
 	return HDB_ERR_NOENTRY;


    This seems to be working properly, as I'm able to list all the 
principals in an entire subtree using "list *", and I have been able to 
kinit using an entry stored in a sub level. I'm curious about why this 
functionality wan't provided from the beginning... maybe I am missing 
anything, and this shouldn't be done? In case this is correct, could 
this be included in a future release? Should I send it to 
heimdal-bugs@pdc.kth.se?

    Best regards
    Jose