[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    [cifs-protocol] [REG:111020105939834] RE: server behavior with
From:       Tom Jebo <tomjebo () microsoft ! com>
Date:       2011-02-01 1:46:15
Message-ID: D7A6DB27D1B6384884025160FF5DE5552080A2B5 () TK5EX14MBXC121 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]

Hi Matthieu, 

I've created case 111020105939834 for this and one of the Open Specification team \
will contact you shortly to start working with you on this problem.

Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications


-----Original Message-----
From: Matthieu Patou [mailto:mat@samba.org] 
Sent: Monday, January 31, 2011 4:43 PM
To: Interoperability Documentation Help; pfif@tridgell.net; cifs-protocol@samba.org
Subject: server behavior with dirsync control when the search base is not a root of a \
nc

Dear doc team,

I have some question related to the behavior of w2k8r2 vs what is described in the \
docuementation.

MS-ADTS.pdf at paragraph "3.1.1.3.4.1.3LDAP_SERVER_DIRSYNC_OID" says:

"If the base of the search is not the root of an NC, the server will return the error \
unwillingToPerform ([RFC2251] section 4.1.10). If the search scope is not subtree \
scope, the server will treat the search as if subtree scope was specified."


If I do a search with ldbsearch with LDAP_DIRSYNC_OBJECT_SECURITY not set  like this \
on the base "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net": \
mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:0:1000" \
-H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b \
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"

I get
search error - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -
<00002105: LdapErr: DSID-0C0908C0, comment: Error processing control, data 0, v1db0> \
<>

I suppose I should have unwilling_to_perform


If I set the LDAP_DIRSYNC_OBJECT_SECURITY flag with the same user and the same base:
mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:1:1000" \
-H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b \
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"

Then I correctly get the "unwilling_to_perform" error.
search error - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020F7: 
LdapErr: DSID-0C0908F3, comment: Error processing control, data 0, v1db0> <>


Can you explain if I missed something in the doc or if the doc is not accurate ?

Regards
Matthieu.


--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary



_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic