
List:       cifs-protocol
Subject:    Re: [cifs-protocol] [REG:111020102754615] behavior of windows
From:       Matthieu Patou <mat () samba ! org>
Date:       2011-02-24 6:24:23
Message-ID: 4D65F997.80105 () samba ! org

Hi Bryan,
On 24/02/2011 01:21, Bryan Burgin wrote:
> Regarding this issue "what is exactly 'the filtered attribute set'?", I'm going to
> go ahead and close this incident since I didn't hear back.  However, if there are
> lingering questions please let me know.
> As for your question re DIRSYNC DirSyncControlValue size byte count v attribute
> count and upper/lower limits (the second of your three DIRSYNC questions), I found
> some information (and provided you that information separately).  I filed a request
> with the product group with my observations to get their clarification.  I'll send
> you more information when I get it.
Ok thanks.
> Regarding your third issue "server behavior with dirsync control when the search
> base is not a root of a nc"/receive LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHT
> when LDAP_DIRSYNC_OBJECT_SECURITY not set and LDAP error 53
> LDAP_UNWILLING_TO_PERFORM when set: I'll send you separate mail.
Ok.

So I should expect news on this soon.

Thanks for your help.

Matthieu.
> Bryan
> 
> -----Original Message-----
> From: Bryan Burgin
> Sent: Friday, February 18, 2011 1:40 PM
> To: 'mat@samba.org'; 'pfif@tridgell.net'; 'cifs-protocol@samba.org'
> Cc: MSSolve Case Email
> Subject: RE: [REG:111020102754615] behavior of windows with/without the
> DS-Replication-Get-Changes-In-Filtered-Set right
> 
> Sorry for the delay in this.  Re "what is exactly 'the filtered attribute set'"?
> The term "filtered attribute set" is mentioned several times in [MS-ADTS] and is
> discussed at [MS-ADA3] 2.233 "Attribute searchFlags" as fRODCFilteredAttribute and
> [MS-ADTS] 2.2.9 "Search Flags" RO (fRODCFilteredAttribute, 0x00000200): Specifies
> that the attribute is a member of the filtered attribute set.
> Bryan
> 
> 
> 
> -----Original Message-----
> From: Matthieu Patou [mailto:mat@samba.org]
> Sent: Monday, January 31, 2011 2:35 PM
> To: pfif@tridgell.net; Interoperability Documentation Help; cifs-protocol@samba.org
> Subject: behavior of windows with/without the
> DS-Replication-Get-Changes-In-Filtered-Set right
> Dear doc team,
> 
> This page,
> http://msdn.microsoft.com/en-us/library/cc223347%28v=prot.10%29.aspx, says:
> 
> "If the flag is not specified, the server MUST do the following:
> ....
> If the server is running Windows Server(r) 2008 operating system or Windows
> Server(r) 2008 R2 operating system and the client has requested any attributes in
> the filtered attribute set, the server checks that the client has the
> DS-Replication-Get-Changes-In-Filtered-Set control access right (section
> 7.1.1.2.7.71 <http://msdn.microsoft.com/en-us/library/cc223657%28v=prot.10%29.aspx>)
> or else returns the /insufficientAccessRights/ error to the client."
> 
> The flag that we are talking about is LDAP_SERVER_DIRSYNC_OID.
> I either have some problems understanding the meaning of "requested any attributes
> in the filtered attribute set" or I have problems requesting them or something else,
> as I'm unable to test this particular case.
> In w2k8r2 I created a user and granted him DS-Replication-Get-Changes, but not
> DS-Replication-Get-Changes-In-Filtered-Set, so I'm expecting that when I add the
> filter "(samaccountname=ad*)" in the ldap request, the system will reject my
> request, but it doesn't, so I'm wondering what exactly is "the filtered attribute set"?
> Can you clarify this point?
> Regards.
> 
> Matthieu Patou.
> 
> --
> Matthieu Patou
> Samba Team        http://samba.org
> Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
> 
> 
> 


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary


_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
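
Added example, not part of the thread and not Samba or Microsoft code: a Python model of the check quoted from the documentation, using the definition Bryan cites (membership in the filtered attribute set is bit 0x00000200 of an attribute's searchFlags). The schema values and the attribute names exampleSecret and exampleRecoveryKey are constructed, and two things are assumptions of this example: "requested attributes" is taken to be the attribute list of the search request, and an empty list or "*" is treated as requesting every attribute.

```python
# Added illustration of the "filtered attribute set" check discussed in this thread.
# Assumption: only the filtered-set step of the quoted text is modelled; the steps
# elided ("....") in the quoted documentation are not.

# [MS-ADTS] 2.2.9 "Search Flags": RO (fRODCFilteredAttribute)
F_RODC_FILTERED_ATTRIBUTE = 0x00000200

# Constructed sample schema: lDAPDisplayName -> searchFlags as a decimal string.
SAMPLE_SCHEMA = {
    "sAMAccountName": "13",        # constructed value, bit 0x200 clear
    "description": "0",
    "exampleSecret": "640",        # hypothetical attribute: 0x200 | 0x80
    "exampleRecoveryKey": "512",   # hypothetical attribute: 0x200 only
}


def filtered_attribute_set(schema):
    """Lower-cased names of attributes whose searchFlags has bit 0x200 set."""
    return {
        name.lower()
        for name, flags in schema.items()
        if int(flags) & F_RODC_FILTERED_ATTRIBUTE
    }


def requested_filtered(requested, schema):
    """Requested attributes that belong to the filtered attribute set."""
    fas = filtered_attribute_set(schema)
    if not requested or "*" in requested:
        # Assumption: an empty list or "*" asks for every attribute.
        return sorted(fas)
    # LDAP attribute names compare case-insensitively.
    return sorted({a.lower() for a in requested if a.lower() in fas})


def dirsync_filtered_set_check(requested, schema, has_filtered_set_right):
    """Model of the quoted rule for a DirSync search with the flag not specified.

    has_filtered_set_right: whether the caller holds
    DS-Replication-Get-Changes-In-Filtered-Set.
    Returns (result, matching_attributes).
    """
    hits = requested_filtered(requested, schema)
    if hits and not has_filtered_set_right:
        return ("insufficientAccessRights", hits)
    return ("continue", hits)
```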

