[cifs-protocol] [REG:111012761781621] Dirsync control

Matthieu Patou mat at samba.org
Wed Feb 23 23:54:53 MST 2011


Hi Bryan,
On 22/02/2011 01:52, Bryan Burgin wrote:
> Hi, Matthieu,
>
> I'm working through your three DIRSYNC issues.  Regarding this one, I have an inquiry filed with the product group for more clarification.  I also see that [MS-ADTS] 3.1.1.3.4.1.3 "LDAP_SERVER_DIRSYNC_OID" specifies bytes as well.  However, elsewhere I'm also seeing number of attributes.
>
> I do see notes in our code that comes close to the "The key value seems to be around 1000000 (1050000 more exactly)" observation that you cited.  I'm finding #define MAX_ATTIBUTES 1048576, which is a more natural (in Base 2 terms) number of 0x100000.
Well it seems more to be the minimum value for the maximum attributes, 
like if you specify a value smaller than this you will have at most 
1058576 attributes.
> When you did your experiment with "schema" using 200000 (returning 464 results) and 2000000 (returning 879 results), how many bytes were returned?  This observation might suggest 'size' is a byte count, depending on your answer.
Well that's pretty hard to say as our tool tend to refromat some data to 
make them easier to read (ie. SIDs, Security Descriptors, binary blobs, 
...).
So is this a "size" or a "maximum # of attributes" ?

Matthieu
> I'll respond more when I get feedback from the product group.  If you have an update on your end, please let me know.
>
> Bryan
>
> -----Original Message-----
> From: Matthieu Patou [mailto:mat at samba.org]
> Sent: Monday, January 31, 2011 12:06 PM
> To: Bryan Burgin
> Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
> Subject: Re: [REG:111012761781621] Dirsync control
>
> Hi Bryan,
>
> So let's look at
> ./bin/ldbsearch --controls="dirsync:1:0:20000" -H ldap://172.16.100.25 -U administrator%totoTATA123 ./bin/ldbsearch --controls="dirsync:1:0:200000" -H ldap://172.16.100.25 -U administrator%totoTATA123 ./bin/ldbsearch --controls="dirsync:1:0:2000000" -H ldap://172.16.100.25 -U administrator%totoTATA123
>
> So ldbsearch is our tool to do ldap request.
>
> --controls="dirsync:1:0:200000" is to add the DIRSYNC control to the request, after the first colon there is parameters for the control, each seperated by colon. The first one is the critical/non-critical indicator (here critical), the second one is the flags (LDAP_DIRSYNC_OBJECT_SECURITY, ...) (here we don't have any), the third is the size/maxAttributeCount (here 200000) and the forth one is the cookie itself encoded in base64 (here absent).
>
>
> It is ok like this ? Feel free to ping me if you need more infos.
>
> Matthieu
>
>
> On 28/01/2011 01:41, Bryan Burgin wrote:
>> Hi, Matthieu,
>>
>> I can help you with this.  Let me do some preliminary research.  Can you send more info re the command line arguments of your ./bin/ldbsearch tool so that I can replicate it with our LDP tool?
>>
>> Bryan
>>
>> -----Original Message-----
>> From: Obaid Farooqi
>> Sent: Thursday, January 27, 2011 9:13 AM
>> To: mat at samba.org
>> Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
>> Subject: RE:[REG:111012761781621] Dirsync control
>>
>> Hi Matthieu:
>> Thank you for contacting Microsoft regarding your question about MS-DRSR. A member of protocol documentation team will be in touch soon.
>>
>> Regards,
>> Obaid Farooqi
>> Escalation Engineer | Microsoft
>>
>> -----Original Message-----
>> From: Matthieu Patou [mailto:mat at samba.org]
>> Sent: Thursday, January 27, 2011 3:43 AM
>> To: pfif at tridgell.net; cifs-protocol at samba.org; Interoperability
>> Documentation Help
>> Subject: Dirsync control
>>
>> Hello Doc team,
>>
>> I'm starting to work on the implementation of the dirsync control for samba4.
>>
>> I've got some questions about the maxsize parameter in the dirsync
>> control
>>
>> Paragraph 5.112.1.5 DirSyncControlValue of DRSR.pdf says
>>
>> size: In the request control value, this field indicates the maximum number of bytes expected in the reply. In the reply control value, it is set to 0.
>>
>> But quite a lot pages on msdn like
>> http://msdn.microsoft.com/en-us/library/Aa366978, says
>> maxAttributeCounmaxAttributeCount
>> t: Specifies the maximum number of attributes to return.
>> This value may also be used to limit the amount of data returned.
>>
>> What is the good definition ?
>>
>> Also it seems that lower value limit so that if you specify a size (or
>> maxAttributeCount) smaller than that value it's ignored, I discovered this by doing like this:
>> ./bin/ldbsearch --controls="dirsync:1:0:200" -H ldap://172.16.100.25
>> -U
>> administrator%totoTATA123
>> ./bin/ldbsearch --controls="dirsync:1:0:2000" -H ldap://172.16.100.25
>> -U
>> administrator%totoTATA123
>> ./bin/ldbsearch --controls="dirsync:1:0:20000" -H ldap://172.16.100.25
>> -U administrator%totoTATA123 ./bin/ldbsearch
>> --controls="dirsync:1:0:200000" -H ldap://172.16.100.25 -U
>> administrator%totoTATA123 ./bin/ldbsearch
>> --controls="dirsync:1:0:2000000" -H ldap://172.16.100.25 -U
>> administrator%totoTATA123
>>
>>     As in every case the same amount of data is returned.
>>
>> When trying with another bigger partition: schema
>>
>> ./bin/ldbsearch --controls="dirsync:1:0:200000" -H ldap://172.16.100.25 -U administrator%totoTATA123  -b
>> "CN=Schema,CN=Configuration,DC=w2k8r2,DC=home,DC=matws,DC=net"   yield
>> 464 results
>>
>> ./bin/ldbsearch --controls="dirsync:1:0:2000000" -H
>> ldap://172.16.100.25 -U administrator%totoTATA123  -b
>> "CN=Schema,CN=Configuration,DC=w2k8r2,DC=home,DC=matws,DC=net"  yield
>> 879 results
>>
>> The key value seems to be around 1000000 (1050000 more exactly), can you confirm if there is a lower value, and if any upper value ? And if so is it implementation dependent.
>>
>> Also it seems that even if I specify a size of 2MiB (2 * 10^6 Bytes) the result size in way bellow this limit, how the size is calculated then ?
>>
>> Regards.
>>
>> Matthieu
>>
>>
>>
>>
>> --
>> Matthieu Patou
>> Samba Team        http://samba.org
>> Private repo      http://git.samba.org/?p=mat/samba.git;a=summary	
>>
>>
>>
>> Microsoft is committed to protecting your privacy.  Please read the Microsoft Privacy Statement for more information.The above is an email for a support case from Microsoft Corp.REPLY ALL TO THIS MESSAGE or INCLUDE casemail at microsoft.com IN YOUR REPLY if you want your response added to the case automatically. For technical assistance, please include the Support Engineer on the TO: line. Thank you.
>>
>
> --
> Matthieu Patou
> Samba Team        http://samba.org
> Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
>
>
>


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary




More information about the cifs-protocol mailing list