[cifs-protocol] attributes for schema object stored even when not specified in the ADD request

Matthieu Patou mat at samba.org
Thu Apr 5 17:05:22 MDT 2012


Hello  Sebastian,

On 04/05/2012 03:22 PM, Sebastian Canevari wrote:
> Hi Matt,
>
>
>
> With regards to subClassof, if no value is provided, the attribute is defaulted to top.
>
>
> For showinadvancedviewonly, [MS-ADTS] Section 3.1.1 specifies:
>
>    If the showInAdvancedViewOnly value was not provided by the requester and the defaultHidingValue of the objectClass is true, then the showInAdvancedViewOnly attribute value is set to true.
>
>
>
> In relation to defaultObjectCategory, if no value is provided, then the attribute is set to itself.
>
>
> I’ll be creating a TDI to discuss with the product group if and how we can document this.
So I understand well there is two potential documentation to add for 
defaultObjectCategory and for subClassOf, am I right ?

Thanks.

Matthieu.
> Please let me know if this answers your questions.
>
> Thanks and regards,
>
> Sebastian
>
>
>
> Sebastian Canevari | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
> P +1 469 775 7849
> One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com
>
>
> -----Original Message-----
> From: Sebastian Canevari
> Sent: Tuesday, April 03, 2012 3:05 PM
> To: mat at samba.org
> Subject: RE: attributes for schema object stored even when not specified in the ADD request
>
> Hi Matt,
>
> I will be helping you with this case.
>
> I'll let you know as soon as I have news or questions.
>
> Thanks and regards,
>
> Sebastian
>
> Sebastian Canevari | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
>
> P +1 469 775 7849
> One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com
>
> ________________________________________
> From: Matthieu Patou [mat at samba.org]
> Sent: Tuesday, April 03, 2012 12:58 PM
> To: Interoperability Documentation Help; Interoperability Documentation Help
> Subject: Fwd: attributes for schema object stored even when not specified in the ADD request
>
> -------- Original Message --------
> Subject:        attributes for schema object stored even when not specified in
> the ADD request
> Date:   Mon, 02 Apr 2012 23:41:54 -0700
> From:   Matthieu Patou<mat at samba.org>
> Reply-To:       mat at samba.org
> To:     pfif at tridgell.net<pfif at tridgell.net>, cifs-protocol at samba.org
> <cifs-protocol at samba.org>, Interoperability Documentation Help<dochelp at winse.microsoft.com>
>
>
>
> Hello Dochelp,
>
> Last week we were trying to setup exchange 2010 with samba 4 as a DC and failed.
> The reason is that samba 4 didn't accept for the moment the creation of a class object in the schema without subclassof attribute.
>
> It's packet 126 and 127 in the attached capture called exchange_setup_s4_failed.cap.
>
> This week-end I tried to setup exchange 2010 with Windows 2003R2 and noticed that exchange is sending almost the same ADD request to Windows
> 2003R2 (packet 71 of exchange_prepare_ldap.cap) and if I look at the resulting object it has a subClassOf attribute
>
>
> ./bin/ldbsearch -H ldap://172.16.100.254 -U administrator%totoTATA123 -b "CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net"
> # record 1
> dn:
> CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,DC=home,DC=matws,DC=net
> objectClass: top
> objectClass: classSchema
> cn: ms-Exch-IM-Firewall
> distinguishedName:
> CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2k3r2
>     ,DC=samba,DC=home,DC=matws,DC=net
> instanceType: 4
> whenCreated: 20120401041129.0Z
> whenChanged: 20120401041129.0Z
> possSuperiors: msExchIMGlobalSettingsContainer
> uSNCreated: 41030
> subClassOf: top
> governsID: 1.2.840.113556.1.5.7000.62.7015
> mustContain: msExchIMFirewallType
> mayContain: portNumber
> mayContain: msExchIMProxy
> mayContain: msExchIMIPRange
> mayContain: flags
> rDNAttID: cn
> uSNChanged: 41030
> showInAdvancedViewOnly: TRUE
> adminDisplayName: ms-Exch-IM-Firewall
> adminDescription: ms-Exch-IM-Firewall
> auxiliaryClass: msExchBaseClass
> objectClassCategory: 1
> lDAPDisplayName: msExchIMFirewall
> name: ms-Exch-IM-Firewall
> objectGUID: 7d8ab41e-e144-4e89-98ba-2f52d211b17b
> schemaIDGUID: 9f116ebe-284e-11d3-aa68-00c04f8eedd8
> systemOnly: FALSE
> defaultSecurityDescriptor: D:S:
> defaultHidingValue: TRUE
> objectCategory:
> CN=Class-Schema,CN=Schema,CN=Configuration,DC=w2k3r2,DC=samba,
>     DC=home,DC=matws,DC=net
> defaultObjectCategory:
> CN=ms-Exch-IM-Firewall,CN=Schema,CN=Configuration,DC=w2
>     k3r2,DC=samba,DC=home,DC=matws,DC=net
>
> Analysis of the replpropertymetadata shows that this attribute (among
> others) is really stored in the the AD database.
>
> I searched the MS-ADTS and didn't find any rule for setting subClassOf to a default value if none has been specified in the Add request.
> Is the rule that if subClassOf attribute is not specified then this attribute should default to "top" ?
>
> While investigating on this I found two other attributes created but not specified
> * showInAdvancedViewOnly
> * defaultObjectCategory
>
> I didn't found rules also for those two attributes. It seems that the rules for defaultObjectCategory is that if the created object is of class "classSchema" then defaultObjectCategory=distinguishedName. For showInAdvancedViewOnly, the rule seems to be that if it's "classSchema"
> or a "attributeSchema" then it is set to true.
>
> To sum up can you indicate me what's going on with the creation of those attributes ?
>
> Thanks.
>
> Matthieu
>
> --
> Matthieu Patou
> Samba Team
> http://samba.org


-- 
Matthieu Patou
Samba Team
http://samba.org



More information about the cifs-protocol mailing list