[cifs-protocol] RE: ANR and anr==andrew
abartlet at samba.org
Fri Oct 10 20:47:12 GMT 2008
On Mon, 2008-09-29 at 09:01 -0700, Obaid Farooqi wrote:
> Hi Andrew:
> We've concluded our investigation and future versions of the document will include a new rule that will be added as the first rule in item 6 of section 126.96.36.199.1.3.3 of [MS-ADTS]. The addition will appear in the future version of document. After addition, item 6 will look like the following. For brevity, I have only shown rule 1 and 2 for item 6. Rule 1 is new text and rule 2 is included for context.
> 6. For each LDAP search filter clause C of the form "(aNR=value)" or "(aNR~=value)" or
> "(aNR>=value)" or "(aNR<=value)" in F:
> 1. If value's first non-space character is an equal sign ("=") similar to "=value1" or " =value1",
> it is used for an exact string search instead of a substring search. Set "value" to "value1",
> apply the following steps in rule 6, and replace all the "value*" with "value".
> 2. If value does not contain any space characters, or if P1 is true and P2 is true, construct an
> LDAP search filter clause C' of the form "(|(A1=value*)...(An=value*))" if PLegacy is false, or
> of the form "(|(A1=value*)...(An=value*)(legacyExchangeDN=value)" if PLegacy is true.
> (This clause resolves to "true" for an object if value is a prefix of the value of any attribute in
> the ANR set on that object, except an exact match is always performed on the
> legacyExchangeDN attribute.)
I've not had a chance to verify the above, but it looks reasonable.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20081011/b468f4db/attachment.bin
More information about the cifs-protocol