[cifs-protocol] [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

Tarun Chopra Tarun.Chopra at microsoft.com
Thu Nov 13 10:47:31 MST 2014 

Hello Samuel - I've transferred the ownership of this case to Obaid, in Cc. He will research and get back.

-----Original Message-----
From: Tarun Chopra 
Sent: Wednesday, November 12, 2014 1:57 PM
To: scabrero at zentyal.com
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: RE: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

Hello Samuel - 

I'm researching this for you and update you as I make progress.

Thanks
Tarun Chopra.

-----Original Message-----
From: Bryan Burgin 
Sent: Wednesday, November 12, 2014 9:33 AM
To: scabrero at zentyal.com
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

[dochelp to bcc]
[+casemail]

Samuel,

Thank you for your question.  We created SR 114111212024814 to track this issue.  An engineer from the Protocols team will contact you soon.

Bryan



-----Original Message-----
From: Samuel Cabrero [mailto:scabrero at zentyal.com] 
Sent: Wednesday, November 12, 2014 3:45 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

Dear dochelp team,

I am working on LDAP_MATCHING_RULE_TRANSITIVE_EVAL match rule implementation on samba and I have found that my tests fail against Windows Server 2008 R2 when the attribute value to match specified in the search filter has Object(DN-Binary) syntax, for example:

Search scope: Base
Search base DN: Domain base DN

This filter returns one entry:
wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,<base 
DN>

This filter does not return any entry:
wellKnownObjects:1.2.840.113556.1.4.1941:=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,<base 
DN>

According to [MS-ADTS] Section 3.1.1.3.4.4.3 I understand that the
Object(DN-Binary) syntax should be handled in the match rule implementation. Should this search return the same entry that the one returned without the extended match?

Best Regards,

--
Samuel Cabrero - Developer
scabrero at zentyal.com

Zentyal - Active Exchange
www.zentyal.com

More information about the cifs-protocol mailing list