[cifs-protocol] attributes for schema object stored even when not specified in the ADD request
Matthieu Patou
mat at samba.org
Tue Apr 3 00:41:54 MDT 2012
Hello Dochelp,
Last week we were trying to set up Exchange 2010 with Samba 4 as a DC and
failed.
The reason is that Samba 4 didn't accept for the moment the creation of
a class object in the schema without a subClassOf attribute.
It's packets 126 and 127 in the attached capture called
exchange_setup_s4_failed.cap.
This weekend I tried to set up Exchange 2010 with Windows 2003R2 and
noticed that Exchange is sending almost the same ADD request to Windows
2003R2 (packet 71 of exchange_prepare_ldap.cap), and if I look at the
resulting object it has a subClassOf attribute:

./bin/ldbsearch -H ldap://172.16.100.254 -U administrator%totoTATA123 -b "CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net"
# record 1
dn: CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net
objectClass: top
objectClass: classSchema
cn: ms-Exch-IM-Firewall
distinguishedName: CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net
instanceType: 4
whenCreated: 20120401041129.0Z
whenChanged: 20120401041129.0Z
possSuperiors: msExchIMGlobalSettingsContainer
uSNCreated: 41030
subClassOf: top
governsID: 1.2.840.113556.1.5.7000.62.7015
mustContain: msExchIMFirewallType
mayContain: portNumber
mayContain: msExchIMProxy
mayContain: msExchIMIPRange
mayContain: flags
rDNAttID: cn
uSNChanged: 41030
showInAdvancedViewOnly: TRUE
adminDisplayName: ms-Exch-IM-Firewall
adminDescription: ms-Exch-IM-Firewall
auxiliaryClass: msExchBaseClass
objectClassCategory: 1
lDAPDisplayName: msExchIMFirewall
name: ms-Exch-IM-Firewall
objectGUID: 7d8ab41e-e144-4e89-98ba-2f52d211b17b
schemaIDGUID: 9f116ebe-284e-11d3-aa68-00c04f8eedd8
systemOnly: FALSE
defaultSecurityDescriptor: D:S:
defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net
defaultObjectCategory: CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net

Analysis of the replpropertymetadata shows that this attribute (among
others) is really stored in the AD database.
I searched the MS-ADTS and didn't find any rule for setting subClassOf
to a default value if none has been specified in the Add request.
Is the rule that if the subClassOf attribute is not specified then this
attribute should default to "top"?
While investigating this I found two other attributes created but not
specified:
* showInAdvancedViewOnly
* defaultObjectCategory
I didn't find rules for those two attributes either. It seems that the
rule for defaultObjectCategory is that if the created object is of
class "classSchema" then defaultObjectCategory=distinguishedName. For
showInAdvancedViewOnly, the rule seems to be that if it's a "classSchema"
or an "attributeSchema" then it is set to true.
To sum up, can you tell me what's going on with the creation of those
attributes?
Thanks.
Matthieu
--
Matthieu Patou
Samba Team
http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exchange_setup_s4_failed.cap
Type: application/cap
Size: 162912 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120402/9591eea9/attachment-0002.cap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exchange_prepare_ldap.cap
Type: application/cap
Size: 43592 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120402/9591eea9/attachment-0003.cap>
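
The three defaulting rules guessed at in the message above can be checked against the stored record mechanically. The following is an added example, not part of the original post and not Samba code: it encodes the rules as the post hypothesises them (they are not confirmed MS-ADTS behaviour) and compares them with a subset of the ldbsearch output. REQUEST is a constructed stand-in, since the real ADD request exists only in the capture, and the function names are hypothetical.

```python
# Added example. The three defaulting rules are the post's guesses, not MS-ADTS text.
DN = ("CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,"
      "DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net")

# Constructed stand-in for the ADD request (the real one is only in the capture).
REQUEST = {"objectClass": ["classSchema"], "cn": ["ms-Exch-IM-Firewall"],
           "lDAPDisplayName": ["msExchIMFirewall"]}

# Subset of the record quoted in the post, with LDIF line folding restored.
STORED = """# record 1
dn: CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=ho
 me,DC=matws,DC=net
objectClass: top
objectClass: classSchema
subClassOf: top
showInAdvancedViewOnly: TRUE
defaultObjectCategory: CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2
 k3r2,DC=samba,DC=home,DC=matws,DC=net
"""

def unfold_ldif(text):
    """Parse one LDIF record into {attr: [values]}, joining folded lines."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # continuation of the previous line
        elif line and not line.startswith("#"):
            logical.append(line)
    attrs = {}
    for line in logical:
        name, _, value = line.partition(":")
        attrs.setdefault(name, []).append(value.strip())
    return attrs

def predicted_defaults(request, dn):
    """Attributes the post guesses the DC adds when the ADD omits them."""
    classes = {c.lower() for c in request.get("objectClass", [])}
    have = {a.lower() for a in request}
    out = {}
    if "classschema" in classes and "subclassof" not in have:
        out["subClassOf"] = ["top"]
    if "classschema" in classes and "defaultobjectcategory" not in have:
        out["defaultObjectCategory"] = [dn]
    if classes & {"classschema", "attributeschema"} and "showinadvancedviewonly" not in have:
        out["showInAdvancedViewOnly"] = ["TRUE"]
    return out

def check(request, dn, stored_ldif):
    """Map each predicted attribute to whether the stored record matches it."""
    stored = unfold_ldif(stored_ldif)
    return {a: stored.get(a) == v for a, v in predicted_defaults(request, dn).items()}
```

Calling check(REQUEST, DN, STORED) returns True for every attribute where the guessed default equals what the Windows DC stored; a False entry marks a rule that does not explain the observed object.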