[cifs-protocol] server behavior with dirsync control when the search base is not a root of a nc
Matthieu Patou
mat at samba.org
Mon Jan 31 14:42:30 MST 2011
Dear doc team,
I have some question related to the behavior of w2k8r2 vs what is
described in the docuementation.
MS-ADTS.pdf at paragraph "3.1.1.3.4.1.3LDAP_SERVER_DIRSYNC_OID" says:
"If the base of the search is not the root of an NC, the server will
return the error unwillingToPerform
([RFC2251] section 4.1.10). If the search scope is not subtree scope,
the server will treat the search
as if subtree scope was specified."
If I do a search with ldbsearch with LDAP_DIRSYNC_OBJECT_SECURITY not
set like this on the base "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net":
mat at ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch
--controls="dirsync:1:0:1000" -H ldap://172.16.100.25 -U
administrator%totoTATA123 '(samaccountname=simple)' -b
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"
I get
search error - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -
<00002105: LdapErr: DSID-0C0908C0, comment: Error processing control,
data 0, v1db0> <>
I suppose I should have unwilling_to_perform
If I set the LDAP_DIRSYNC_OBJECT_SECURITY flag with the same user and
the same base:
mat at ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch
--controls="dirsync:1:1:1000" -H ldap://172.16.100.25 -U
administrator%totoTATA123 '(samaccountname=simple)' -b
"CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"
Then I correctly get the "unwilling_to_perform" error.
search error - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020F7:
LdapErr: DSID-0C0908F3, comment: Error processing control, data 0, v1db0> <>
Can you explain if I missed something in the doc or if the doc is not
accurate ?
Regards
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the cifs-protocol
mailing list