[cifs-protocol] RE: ANR and anr==andrew
obaidf at microsoft.com
Mon Sep 29 16:01:02 GMT 2008
We've concluded our investigation and future versions of the document will include a new rule that will be added as the first rule in item 6 of section 184.108.40.206.1.3.3 of [MS-ADTS]. The addition will appear in the future version of document. After addition, item 6 will look like the following. For brevity, I have only shown rule 1 and 2 for item 6. Rule 1 is new text and rule 2 is included for context.
6. For each LDAP search filter clause C of the form "(aNR=value)" or "(aNR~=value)" or
"(aNR>=value)" or "(aNR<=value)" in F:
1. If value's first non-space character is an equal sign ("=") similar to "=value1" or " =value1",
it is used for an exact string search instead of a substring search. Set "value" to "value1",
apply the following steps in rule 6, and replace all the "value*" with "value".
2. If value does not contain any space characters, or if P1 is true and P2 is true, construct an
LDAP search filter clause C' of the form "(|(A1=value*)...(An=value*))" if PLegacy is false, or
of the form "(|(A1=value*)...(An=value*)(legacyExchangeDN=value)" if PLegacy is true.
(This clause resolves to "true" for an object if value is a prefix of the value of any attribute in
the ANR set on that object, except an exact match is always performed on the
Sr. SEE, DSC Protocol Team, Microsoft
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, September 11, 2008 2:02 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: ANR and anr==andrew
In MS-ADTS 220.127.116.11.1.3.3 Ambiguous Name Resolution is described.
In this, the syntax and behaviour for 'anr=andrew' is defined, and
Samba4 implements this. However, we also have seen behaviour for 'anr==andrew'. However, I can't find this in the docs.
A URL describing some of this behaviour (Specific Match) is:
We thought we had this implemented, but when we fixed other bugs, our implementation would no longer pass our self-tests, and it has been abandoned pending clarification.
Can you provide me some more details on this behaviour?
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol