[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] [REG:111020105939834] RE: server behavior with
From: Tom Jebo <tomjebo () microsoft ! com>
Date: 2011-02-01 1:46:15
Message-ID: D7A6DB27D1B6384884025160FF5DE5552080A2B5 () TK5EX14MBXC121 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]
Hi Matthieu,
I've created case 111020105939834 for this and one of the Open Specification team \
will contact you shortly to start working with you on this problem.
Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications
-----Original Message-----
From: Matthieu Patou [mailto:mat@samba.org]
Sent: Monday, January 31, 2011 4:43 PM
To: Interoperability Documentation Help; pfif@tridgell.net; cifs-protocol@samba.org
Subject: server behavior with dirsync control when the search base is not a root of a \
nc
Dear doc team,
I have some question related to the behavior of w2k8r2 vs what is described in the \
docuementation.
MS-ADTS.pdf at paragraph "3.1.1.3.4.1.3LDAP_SERVER_DIRSYNC_OID" says:
"If the base of the search is not the root of an NC, the server will return the error \
unwillingToPerform ([RFC2251] section 4.1.10). If the search scope is not subtree \
scope, the server will treat the search as if subtree scope was specified."
If I do a search with ldbsearch with LDAP_DIRSYNC_OBJECT_SECURITY not set like this \
on the base "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net": \
mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:0:1000" \
-H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b \
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"
I get
search error - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -
<00002105: LdapErr: DSID-0C0908C0, comment: Error processing control, data 0, v1db0> \
<>
I suppose I should have unwilling_to_perform
If I set the LDAP_DIRSYNC_OBJECT_SECURITY flag with the same user and the same base:
mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:1:1000" \
-H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b \
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"
Then I correctly get the "unwilling_to_perform" error.
search error - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020F7:
LdapErr: DSID-0C0908F3, comment: Error processing control, data 0, v1db0> <>
Can you explain if I missed something in the doc or if the doc is not accurate ?
Regards
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic