[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    Re: [cifs-protocol] behavior of windows with/without the
From:       Bryan Burgin <bburgin () microsoft ! com>
Date:       2011-02-10 21:51:16
Message-ID: BBA84BA7DDF8E7499FA84A8575F130CA0F9701 () TK5EX14MBXC218 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]

[dochelp to bcc]

Hi, Matthieu,

I am working on three of your issues right now, including this one:

111020102754615: [MS-ADTS]: Behavior of windows with/without the \
                DS-Replication-Get-Changes-In-Filtered-Set right
111012761781621: [MS-DRSR] Dirsync control
111020105939834: [MS-ADTS]: Server behavior with dirsync control when the search base \
is not a root of a nc

Bryan




-----Original Message-----
From: Matthieu Patou [mailto:mat@samba.org] 
Sent: Thursday, February 10, 2011 1:43 PM
To: mat@samba.org
Cc: pfif@tridgell.net; Interoperability Documentation Help; cifs-protocol@samba.org
Subject: Re: [cifs-protocol] behavior of windows with/without the \
DS-Replication-Get-Changes-In-Filtered-Set right

Hi,

It seems I didn't have any news on this point.

Can you provide updates ?

Matthieu.
On 01/02/2011 01:35, Matthieu Patou wrote:
> Dear doc team,
> 
> This page,
> http://msdn.microsoft.com/en-us/library/cc223347%28v=prot.10%29.aspx,
> says:
> 
> "If the flag is not specified, the server MUST do the following:
> ....
> If the server is running Windows Server(r) 2008 operating system or 
> Windows Server(r) 2008 R2 operating system and the client has requested 
> any attributes in the filtered attribute set, the server checks that 
> the client has the DS-Replication-Get-Changes-In-Filtered-Set control 
> access right (section 7.1.1.2.7.71
> <http://msdn.microsoft.com/en-us/library/cc223657%28v=prot.10%29.aspx>
> ) or else returns the /insufficientAccessRights/ error to the client."
> 
> The flag that we are talking about is LDAP_SERVER_DIRSYNC_OID.
> I either have some problems to understand the meaning of "requested 
> any attributes in the filtered attribute set" or I have problems 
> requesting them or something else as I'm unable to test this 
> particular case.
> 
> In w2k8r2 I created a user and granted him DS-Replication-Get-Changes, 
> but not DS-Replication-Get-Changes-In-Filtered-Set so I'm expecting 
> that when I add the filter "(samaccountname=ad*)", in the ldap 
> request, that the system will reject my request but it's not so I'm 
> wondering what is exactly "the filtered attribute set" ? Can you 
> clarify this point ?
> 
> Regards.
> 
> Matthieu Patou.
> 


--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary



_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic