[cifs-protocol] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation
Andrew Bartlett
abartlet at samba.org
Thu Dec 4 17:53:14 MST 2014
4.1.8.3 Server Behavior of the IDL_DRSGetMemberships Method
The pseudo-code has this hunk in it:
/* Calculate all other cases (where op ≠ GroupMembersInTransitive).*/
transitive := op in {RevMembGetAccountGroups,
RevMembGetResourceGroups,
RevMembGetUniversalGroups}
However, it does not list RevMembGetGroupsForUser referenced in MS-ADTS
3.1.1.4.5.19 tokenGroups, tokenGroupsNoGCAcceptable, which is clearly a
transitive operation, as it says:
These two computed attributes return the set of SIDs from a transitive
group membership expansion operation on a given object.
Can you confirm the docs are incorrect, and that RevMembGetGroupsForUser
should be in that list?
Thanks,
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list