[cifs-protocol] RE: Mapping of MS-LSAD onto LDAP and DRS replications

Richard Guthrie rguthrie at microsoft.com
Thu Jul 17 15:20:04 GMT 2008


I think I have some answers for you but I wanted to clarify the question first.  As I understand it, you are looking to get information on how objects sync’ed via Directory Replication Services (DRS) look to a receiving application, what is their layout, how are they exposed to the application that has requested the sync via a mechanism like IDL_DRSGetNCChanges in the DRSUAPI interface (MS-DRSR) with respect to privledge and access control structures.  For example, if one were to replicate permissions or privledges between two domain controllers, what would that permissions object look like to the receiving domain controller and what would an application like the Local Security Authority (LSA) running on a domain controller see, how would it access them.   Is this a correct interpretation of what you are looking for?

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted

From: Andrew Bartlett [abartlet at samba.org]
Sent: Monday, July 14, 2008 8:17 PM
To: Richard Guthrie
Cc: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: Mapping of MS-LSAD onto LDAP and DRS replications

On Fri, 2008-07-11 at 10:53 -0700, Richard Guthrie wrote:
> Andrew,
> I will be working with you to resolve your question.  I need to do
> some research on the MS-LSAD documentation, before we proceed to start
> resolving this issue, so that I accurately captured everything.  I
> will send you an update Monday with any questions I have based on that
> research.  Have a good weekend!

I should note that I'm particularly interested (as a first step, and
what made me ask this) in the mapping of 'privileges' onto LDAP
attributes.  The SAMR documentation would be a very good standard to aim
for, in terms of what a renewed document could look like.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list