[cifs-protocol] [REG:110102774074009] "description" attribute in AD

Obaid Farooqi obaidf at microsoft.com
Fri Nov 12 09:58:07 MST 2010


Hi Matthias:

Attribute Description is described as multivalued is MS-ADA1 and as such allows addition of multiple values. There is a constraint on the modify operation as I communicated earlier.

Please let me know if this answers your question. If it does, I'll consider this issue resolved.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org] 
Sent: Thursday, November 11, 2010 2:00 AM
To: Obaid Farooqi
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:110102774074009] "description" attribute in AD

Hi Obaid,

exactly, that's true.
But why does the add operation allow it to be set multi-valued? Is there a reason? Or it's just a bug?

Greets,
Matthias

Obaid Farooqi wrote:
> Hi Matthias:
> We have finished our investigation on your question regarding attribute description. In a future release of MS-ADTS, the following bullet will be added at the end of section 3.1.1.5.3.2 Constraints:
>
> “If the modify operation adds or replaces values of the description attribute on a SAM-specific object (section 3.1.1.5.2.3), and results in more than one value in the attribute, then the modification fails with attributeOrValueExists / ERROR_DS_SINGLE_VALUE_CONSTRAINT”
>
> Please let me know if this answers your question. If it does, I’ll consider this issue resolved.
>
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
>
> -----Original Message-----
> From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
> Sent: Wednesday, October 27, 2010 3:11 PM
> To: Interoperability Documentation Help
> Cc: cifs-protocol at samba.org
> Subject: "description" attribute in AD
>
> Hi dochelp team,
>
> the "description" attribute in AD seems very special. Altough defined as multi-valued in the schema it's defacto single-valued.
>
> That means:
> - on LDAP entry add operations you are able to set it multi-valued
> - on LDAP entry change operations you aren't - e.g. if you try to replace it multi-valued or perform a multi-valued add you get ERR_ATTRIBUTE_ALREADY_EXISTS.
>
> As far as I know I didn't find much in the docs about this strange behaviour and as far as I can tell it only applies to "description". It would be nice to enhance MS-ADTS regarding it and to start some investigation if it wouldn't be better to really define it as single-valued in the schema.
>
> Greets,
> Matthias
>
> Microsoft is committed to protecting your privacy.  Please read the Microsoft Privacy Statement for more information.The above is an email for a support case from Microsoft Corp.REPLY ALL TO THIS MESSAGE or INCLUDE casemail at microsoft.com IN YOUR REPLY if you want your response added to the case automatically. For technical assistance, please include the Support Engineer on the TO: line. Thank you.
>
>    




More information about the cifs-protocol mailing list