[cifs-protocol] Need some help with LDAP_SERVER_SD_FLAGS_OID control (SRX091119600169)

Bill Wesse billwe at microsoft.com
Thu Nov 19 13:27:39 MST 2009 

Nadya - I don't think the LDAP_SERVER_SD_FLAGS_OID control should have any effect during an add operation, since the flags for the control indicate which security descriptor parts to retrieve during a search, which should explain why LDAP_UNAVAILABLE_CRIT_EXTENSION is not being returned (assuming the add succeeded).

I have filed a TDI to obtain authoritative information concerning this, and will update you with results as they develop.

Could you advise me concerning how much this impacts progress on your implementation?

References:

[MS-ADTS] 3.1.1.3.4.1.11 LDAP_SERVER_SD_FLAGS_OID
http://msdn.microsoft.com/en-us/library/cc223323(PROT.13).aspx
   
The LDAP_SERVER_SD_FLAGS_OID control is used with an LDAP Search request to control the portion of a Windows Security Descriptor to retrieve.
   
LDAP_SERVER_SD_FLAGS_OID Control Code
http://msdn.microsoft.com/en-us/library/aa366987(VS.85).aspx

The security information flags indicate which security descriptor parts to retrieve during a search.

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Bill Wesse 
Sent: Thursday, November 19, 2009 2:07 PM
To: 'Nadezhda Ivanova'
Cc: cifs-protocol at samba.org
Subject: RE: Need some help with LDAP_SERVER_SD_FLAGS_OID control (SRX091119600169)

Hi Nadya - I will be your contact for this one. Here is the case number:

SRX091119600169: [MS-ADTS] 7.1.3.2 LDAP_SERVER_SD_FLAGS_OID

I will begin my investigation today!

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Nadezhda Ivanova [mailto:nadezhda.ivanova at postpath.com] 
Sent: Thursday, November 19, 2009 12:34 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Need some help with LDAP_SERVER_SD_FLAGS_OID control

Hello,
I have been working on the implementation of LDAP_SERVER_SD_FLAGS_OID in Samba, and I have a question. Is this control relevant for an LDAP add request? I have been testing against Win2008. Adding this control to the request does not seem to have any effect. When I set it to Critical, I do not get  LDAP_UNAVAILABLE_CRIT_EXTENSION, as described in http://msdn.microsoft.com/en-us/library/aa367025%28VS.85%29.aspx
At the same tine, in MS-ADTS, section 7.1.3.2 SD Flags Control, it says:
"When performing an LDAP operation (add, modify or search), the client may supply an SD flags
control LDAP_SERVER_SD_FLAGS_OID with the operation."

So, if the control is valid for an LDAP add, what should be the behavior?

Best Regards,
Nadezhda Ivanova

More information about the cifs-protocol mailing list