[cifs-protocol] Need some help with LDAP_SERVER_SD_FLAGS_OID control (SRX091119600169)
Bill Wesse
billwe at microsoft.com
Thu Nov 19 13:27:39 MST 2009
Nadya - I don't think the LDAP_SERVER_SD_FLAGS_OID control should have any effect during an add operation, since the flags for the control indicate which security descriptor parts to retrieve during a search, which should explain why LDAP_UNAVAILABLE_CRIT_EXTENSION is not being returned (assuming the add succeeded).
I have filed a TDI to obtain authoritative information concerning this, and will update you with results as they develop.
Could you advise me concerning how much this impacts progress on your implementation?
References:
[MS-ADTS] 3.1.1.3.4.1.11 LDAP_SERVER_SD_FLAGS_OID
http://msdn.microsoft.com/en-us/library/cc223323(PROT.13).aspx
The LDAP_SERVER_SD_FLAGS_OID control is used with an LDAP Search request to control the portion of a Windows Security Descriptor to retrieve.
LDAP_SERVER_SD_FLAGS_OID Control Code
http://msdn.microsoft.com/en-us/library/aa366987(VS.85).aspx
The security information flags indicate which security descriptor parts to retrieve during a search.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-----Original Message-----
From: Bill Wesse
Sent: Thursday, November 19, 2009 2:07 PM
To: 'Nadezhda Ivanova'
Cc: cifs-protocol at samba.org
Subject: RE: Need some help with LDAP_SERVER_SD_FLAGS_OID control (SRX091119600169)
Hi Nadya - I will be your contact for this one. Here is the case number:
SRX091119600169: [MS-ADTS] 7.1.3.2 LDAP_SERVER_SD_FLAGS_OID
I will begin my investigation today!
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-----Original Message-----
From: Nadezhda Ivanova [mailto:nadezhda.ivanova at postpath.com]
Sent: Thursday, November 19, 2009 12:34 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Need some help with LDAP_SERVER_SD_FLAGS_OID control
Hello,
I have been working on the implementation of LDAP_SERVER_SD_FLAGS_OID in Samba, and I have a question. Is this control relevant for an LDAP add request? I have been testing against Win2008. Adding this control to the request does not seem to have any effect. When I set it to Critical, I do not get LDAP_UNAVAILABLE_CRIT_EXTENSION, as described in http://msdn.microsoft.com/en-us/library/aa367025%28VS.85%29.aspx
At the same tine, in MS-ADTS, section 7.1.3.2 SD Flags Control, it says:
"When performing an LDAP operation (add, modify or search), the client may supply an SD flags
control LDAP_SERVER_SD_FLAGS_OID with the operation."
So, if the control is valid for an LDAP add, what should be the behavior?
Best Regards,
Nadezhda Ivanova
More information about the cifs-protocol
mailing list