[cifs-protocol] RE: ANR and anr==andrew

Obaid Farooqi obaidf at microsoft.com
Mon Sep 29 16:01:02 GMT 2008

Hi Andrew:
We've concluded our investigation and future versions of the document will include a new rule that will be added as the first rule in item 6 of section of [MS-ADTS]. The addition will appear in the future version of document. After addition, item 6 will look like the following. For brevity, I have only shown rule 1 and 2 for item 6. Rule 1 is new text and rule 2 is included for context.

6. For each LDAP search filter clause C of the form "(aNR=value)" or "(aNR~=value)" or
   "(aNR>=value)" or "(aNR<=value)" in F:

   1. If value's first non-space character is an equal sign ("=") similar to "=value1" or " =value1",
      it is used for an exact string search instead of a substring search. Set "value" to "value1",
      apply the following steps in rule 6, and replace all the "value*" with "value".

   2. If value does not contain any space characters, or if P1 is true and P2 is true, construct an
      LDAP search filter clause C' of the form "(|(A1=value*)...(An=value*))" if PLegacy is false, or
      of the form "(|(A1=value*)...(An=value*)(legacyExchangeDN=value)" if PLegacy is true.
      (This clause resolves to "true" for an object if value is a prefix of the value of any attribute in
      the ANR set on that object, except an exact match is always performed on the
      legacyExchangeDN attribute.)

Obaid Farooqi
Sr. SEE, DSC Protocol Team, Microsoft

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, September 11, 2008 2:02 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: ANR and anr==andrew

In MS-ADTS Ambiguous Name Resolution is described.

In this, the syntax and behaviour for 'anr=andrew' is defined, and
Samba4 implements this.  However, we also have seen behaviour for 'anr==andrew'.  However, I can't find this in the docs.

A URL describing some of this behaviour (Specific Match) is:


We thought we had this implemented, but when we fixed other bugs, our implementation would no longer pass our self-tests, and it has been abandoned pending clarification.

Can you provide me some more details on this behaviour?


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list