[cifs-protocol] [REG:111020105939834] RE: server behavior with dirsync control when the search base is not a root of a nc

Tom Jebo tomjebo at microsoft.com
Mon Jan 31 18:46:15 MST 2011 

Hi Matthieu, 

I've created case 111020105939834 for this and one of the Open Specification team will contact you shortly to start working with you on this problem.

Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications


-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Monday, January 31, 2011 4:43 PM
To: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: server behavior with dirsync control when the search base is not a root of a nc

Dear doc team,

I have some question related to the behavior of w2k8r2 vs what is described in the docuementation.

MS-ADTS.pdf at paragraph "3.1.1.3.4.1.3LDAP_SERVER_DIRSYNC_OID" says:

"If the base of the search is not the root of an NC, the server will return the error unwillingToPerform ([RFC2251] section 4.1.10). If the search scope is not subtree scope, the server will treat the search as if subtree scope was specified."


If I do a search with ldbsearch with LDAP_DIRSYNC_OBJECT_SECURITY not set  like this on the base "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net":
mat at ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:0:1000" -H ldap://172.16.100.25 -U
administrator%totoTATA123 '(samaccountname=simple)' -b "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"

I get
search error - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -
<00002105: LdapErr: DSID-0C0908C0, comment: Error processing control, data 0, v1db0> <>

I suppose I should have unwilling_to_perform


If I set the LDAP_DIRSYNC_OBJECT_SECURITY flag with the same user and the same base:
mat at ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:1:1000" -H ldap://172.16.100.25 -U
administrator%totoTATA123 '(samaccountname=simple)' -b "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net"

Then I correctly get the "unwilling_to_perform" error.
search error - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020F7: 
LdapErr: DSID-0C0908F3, comment: Error processing control, data 0, v1db0> <>


Can you explain if I missed something in the doc or if the doc is not accurate ?

Regards
Matthieu.


--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the cifs-protocol mailing list