'Re: [cifs-protocol] [REG:117121117303710] Missing and duplicate rightGuid values for Extended Rights'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    Re: [cifs-protocol] [REG:117121117303710] Missing and duplicate rightGuid values for Extended Rights
From:       Edgar Olougouna via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2017-12-22 7:16:56
Message-ID: CY4PR21MB050488E27CC712DD89EB06D1DB020 () CY4PR21MB0504 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]

Andrew,
Upon review, it has been concluded that there should not be any need for an Active \
Directory protocols implementer to compile a complete list of specific displayName \
values from MS-ADTS. If there's any MS-ADTS document update, it will only \
re-emphasize the fact that the displayName is implementation-specific information \
meant for human consumption, and as a result does not have any protocol significance. \
The non-Windows implementation can and should simply replicate these when their DC is \
added to the existing Windows AD domain.   We believe the replicated data from a \
Microsoft DC is sufficient. However, you can also get and use the data from the \
informative sources that you are already aware of. These are the following: \
https://msdn.microsoft.com/en-us/library/ms680945(v=vs.85).aspx and
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/schema-updates

Thanks,
Edgar

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@samba.org] 
Sent: Wednesday, December 13, 2017 7:46 PM
To: Edgar Olougouna <edgaro@microsoft.com>; cifs-protocol@lists.samba.org
Cc: MSSolve Case Email <casemail@microsoft.com>
Subject: Re: [REG:117121117303710] Missing and duplicate rightGuid values for \
Extended Rights in MS-ADTS

On Wed, 2017-12-13 at 22:38 +0000, Edgar Olougouna wrote:
> Andrew,
> Regarding this statement "RE: Some (for property sets) can be found in 
> other tables, but they should be listed under each right."
> Can you help me find the section (s) where "some" DisplayName (s) are 
> documented? I have been combing through MS-ADTS. Are you referring to 
> "Control access right symbol" in the table in 5.1.3.2.1 Control Access 
> Rights?

No, I used 3.1.1.2.3.3 Property Set.

> Besides, I'd like to make sure we are on the same page and are having 
> the right conversation. What is the protocol relevance of DisplayName? 
> Or are you suggesting that we consider including displayName for each 
> extended right?

At this point the latter, I'm suggesting the displayName should be included with each \
extended right. 

As the purpose of the objects is to provide strings to the user interface we are \
trying not to confuse users by having different visible names for the same \
permissions. 

Thanks,

Andrew Bartlett

> Thanks,
> Edgar
> 
> -----Original Message-----
> From: Edgar Olougouna
> Sent: Monday, December 11, 2017 3:55 PM
> To: Andrew Bartlett <abartlet@samba.org>; 
> cifs-protocol@lists.samba.org
> Cc: MSSolve Case Email <casemail@corp.microsoft.com>
> Subject: [REG:117121117303710] Missing and duplicate rightGuid values 
> for Extended Rights in MS-ADTS
> 
> [bcc dochelp, + cc casemail]
> Hello Andrew,
> We have created the case number 117121117303710 to track this inquiry. I will \
> review this and follow-up with you as soon as I have an update. 
> Thanks,
> Edgar
> 
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@samba.org]
> Sent: Monday, December 11, 2017 2:51 PM
> To: cifs-protocol@lists.samba.org; Interoperability Documentation Help 
> <dochelp@microsoft.com>
> Subject: Missing and duplicate rightGuid values for Extended Rights in 
> MS-ADTS
> 
> As you know, I've been working to update our extended rights in Samba, and have \
> been using the MS-ADTS document as the reference, combined with the adprep ldif \
> from WindowsServerDocs (which is more complete). 
> Aside from the already-discussed missing localizationDisplayId and validAccesses, \
> claimed as 'implementation specific', the other thing that is missing compared with \
> the adprep LDIF, even from the template in 6.1.1.2.7.1 controlAccessRight objects, \
> is the displayName.  Some (for property sets) can be found in other tables, but \
> they should be listed under each right.  
> Can the docs please be updated to include displayName?
> 
> Thanks,
> 
> Andrew Bartlett
> 
> 
> --
> Andrew Bartlett
> https://na01.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet \
> %2F&data=04%7C01%7Cdochelp%40windows.microsoft.com%7C07e31fc18ba34b0db42f08d540d8d47 \
> 4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636486222390282071%7CUnknown%7CTWFpbG \
> Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=ZDCDXF03YYmiwM09cYCxpBli69l7nVKkkPr0DxDETf0%3D&reserved=0
>  Authentication Developer, Samba Team         \
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=04%7 \
> C01%7Cdochelp%40windows.microsoft.com%7C07e31fc18ba34b0db42f08d540d8d474%7C72f988bf8 \
> 6f141af91ab2d7cd011db47%7C1%7C0%7C636486222390282071%7CUnknown%7CTWFpbGZsb3d8eyJWIjo \
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=X67LhmVbz57eZrlReU50TVjyOlrcfIqH8QH4cKK8qJo%3D&reserved=0
>  Samba Development and Support, Catalyst IT   
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatal
> yst.net.nz%2Fservices%2Fsamba&data=04%7C01%7Cdochelp%40windows.microso
> ft.com%7C07e31fc18ba34b0db42f08d540d8d474%7C72f988bf86f141af91ab2d7cd0
> 11db47%7C1%7C0%7C636486222390282071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=MtWdPN59
> h1kB3b%2FTU1RE3QV98rBb%2BHiWp1oKFhgrbDk%3D&reserved=0
> 
> 
> 
> 
> 
--
Andrew Bartlett
https://na01.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet%2 \
F&data=04%7C01%7Cedgaro%40microsoft.com%7C48c1ea9fb73c441ce75d08d5429463ae%7C72f988bf8 \
6f141af91ab2d7cd011db47%7C1%7C0%7C636488127450979074%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM \
C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=4oDAWNBvmM%2FmTlC%2BMYiiT%2F4dkFTMgNOj1JbV%2F%2FD3JTA%3D&reserved=0
 Authentication Developer, Samba Team         \
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=04%7C0 \
1%7Cedgaro%40microsoft.com%7C48c1ea9fb73c441ce75d08d5429463ae%7C72f988bf86f141af91ab2d \
7cd011db47%7C1%7C0%7C636488127450979074%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC \
JQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=0T8UdALP7KTEZE%2B15SohjC9OGsAHlNf1szQgp9kQpc4%3D&reserved=0
 Samba Development and Support, Catalyst IT   
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fser \
vices%2Fsamba&data=04%7C01%7Cedgaro%40microsoft.com%7C48c1ea9fb73c441ce75d08d5429463ae \
%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636488127450979074%7CUnknown%7CTWFpbGZsb \
3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=Os3ICYNwxCAprHCNBZtLkyMcisq3Rpi54Mo0r4m0EEg%3D&reserved=0

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

[prev in list] [next in list] [prev in thread] [next in thread] 