[cifs-protocol] [REG:114120512128317] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation
Bryan Burgin
bburgin at microsoft.com
Fri Dec 5 00:04:17 MST 2014
[dochelp to bcc]
[+casemail]
Hi Andrew,
Thank you for your question. We created SR 114120512128317 to track this issue. Obaid will work with you on this and will contact you soon.
Bryan
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, December 4, 2014 4:53 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation
4.1.8.3 Server Behavior of the IDL_DRSGetMemberships Method
The pseudo-code has this hunk in it:
/* Calculate all other cases (where op ≠ GroupMembersInTransitive).*/ transitive := op in {RevMembGetAccountGroups, RevMembGetResourceGroups, RevMembGetUniversalGroups}
However, it does not list RevMembGetGroupsForUser referenced in MS-ADTS
3.1.1.4.5.19 tokenGroups, tokenGroupsNoGCAcceptable, which is clearly a transitive operation, as it says:
These two computed attributes return the set of SIDs from a transitive group membership expansion operation on a given object.
Can you confirm the docs are incorrect, and that RevMembGetGroupsForUser should be in that list?
Thanks,
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list