[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    [cifs-protocol] [REG:111020102754615] RE: behavior of windows
From:       Tom Jebo <tomjebo () microsoft ! com>
Date:       2011-02-01 0:57:58
Message-ID: D7A6DB27D1B6384884025160FF5DE5552080A01D () TK5EX14MBXC121 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]

Hi Matthieu,

I've created case 111020102754615 and one of the Open Specifications team will be \
contacting you shortly to start working with you on this problem.  

Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications

-----Original Message-----
From: Matthieu Patou [mailto:mat@samba.org] 
Sent: Monday, January 31, 2011 5:35 PM
To: pfif@tridgell.net; Interoperability Documentation Help; cifs-protocol@samba.org
Subject: behavior of windows with/without the \
DS-Replication-Get-Changes-In-Filtered-Set right

Dear doc team,

This page,
http://msdn.microsoft.com/en-us/library/cc223347%28v=prot.10%29.aspx, says:

"If the flag is not specified, the server MUST do the following:
....
If the server is running Windows Server(r) 2008 operating system or Windows Server(r) \
2008 R2 operating system and the client has requested any attributes in the filtered \
attribute set, the server checks that the client has the \
DS-Replication-Get-Changes-In-Filtered-Set control access right (section 7.1.1.2.7.71 \
<http://msdn.microsoft.com/en-us/library/cc223657%28v=prot.10%29.aspx>) or else \
returns the /insufficientAccessRights/ error to the client."

The flag that we are talking about is LDAP_SERVER_DIRSYNC_OID.
I either have some problems to understand the meaning of "requested any attributes in \
the filtered attribute set" or I have problems requesting them or something else as \
I'm unable to test this particular case.

In w2k8r2 I created a user and granted him DS-Replication-Get-Changes, but not \
DS-Replication-Get-Changes-In-Filtered-Set so I'm expecting that when I add the \
filter "(samaccountname=ad*)", in the ldap request, that the system will reject my \
request but it's not so I'm wondering what is exactly "the filtered attribute set" ? \
Can you clarify this point ?

Regards.

Matthieu Patou.

--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary




_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic