[cifs-protocol] RE: ANR and anr==andrew
obaidf at microsoft.com
Fri Oct 24 00:12:15 GMT 2008
Thanks for your reply.
Based on this, I consider the issue resolved. If you have any further question, please feel free to contact us.
Sr. SEE | Microsoft
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, October 10, 2008 1:47 PM
To: Obaid Farooqi
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: ANR and anr==andrew
On Mon, 2008-09-29 at 09:01 -0700, Obaid Farooqi wrote:
> Hi Andrew:
> We've concluded our investigation and future versions of the document will include a new rule that will be added as the first rule in item 6 of section 22.214.171.124.1.3.3 of [MS-ADTS]. The addition will appear in the future version of document. After addition, item 6 will look like the following. For brevity, I have only shown rule 1 and 2 for item 6. Rule 1 is new text and rule 2 is included for context.
> 6. For each LDAP search filter clause C of the form "(aNR=value)" or "(aNR~=value)" or
> "(aNR>=value)" or "(aNR<=value)" in F:
> 1. If value's first non-space character is an equal sign ("=") similar to "=value1" or " =value1",
> it is used for an exact string search instead of a substring search. Set "value" to "value1",
> apply the following steps in rule 6, and replace all the "value*" with "value".
> 2. If value does not contain any space characters, or if P1 is true and P2 is true, construct an
> LDAP search filter clause C' of the form "(|(A1=value*)...(An=value*))" if PLegacy is false, or
> of the form "(|(A1=value*)...(An=value*)(legacyExchangeDN=value)" if PLegacy is true.
> (This clause resolves to "true" for an object if value is a prefix of the value of any attribute in
> the ANR set on that object, except an exact match is always performed on the
> legacyExchangeDN attribute.)
I've not had a chance to verify the above, but it looks reasonable.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol