[cifs-protocol] [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

Obaid Farooqi obaidf at microsoft.com
Sun Nov 23 11:46:54 MST 2014 

Hi Samuel:
In the filter 
wellKnownObjects:1.2.840.113556.1.4.1941:=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,<base DN>

As per documentation, the following rule applies:
If A is of Object(DN-String), Object(DN-Binary), Object(OR-Name), or Object(Access-Point) syntax, let V' equal the object_DN portion of V

So V' becomes CN=computers,<base DN> and the filter becomes:
wellKnownObjects:1.2.840.113556.1.4.1941:=CN=computers,<base DN>

Since the object CN=computers,<base DN> does not have any attribute wellKnownObjects, therefore no object is returned.

Please let me know it does not answer your question.


Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: "Obaid Farooqi" <obaidf at microsoft.com> 
Sent: Thursday, November 20, 2014 9:53 AM
To: "scabrero at zentyal.com" <scabrero at zentyal.com>
Cc: "cifs-protocol at samba.org" <cifs-protocol at samba.org>; "MSSolve Case Email" <casemail at microsoft.com>
Subject: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification

Hi Samuel: 
I am still looking into it and I'll be in touch as soon as I have an answer. 

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft 

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: "Tarun Chopra" <Tarun.Chopra at microsoft.com>
Sent: Thursday, November 13, 2014 11:48 AM
To: "scabrero at zentyal.com" <scabrero at zentyal.com>
Cc: "cifs-protocol at samba.org" <cifs-protocol at samba.org>; "MSSolve Case Email" <casemail at microsoft.com>; "Obaid Farooqi" <obaidf at microsoft.com>

Subject: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification 

Hello Samuel - I've transferred the ownership of this case to Obaid, in Cc. He will research and get back. 

-----Original Message-----
From: Tarun Chopra
Sent: Wednesday, November 12, 2014 1:57 PM
To: scabrero at zentyal.com
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: RE: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification 

Hello Samuel - 

I'm researching this for you and update you as I make progress. 

Thanks
Tarun Chopra. 

-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, November 12, 2014 9:33 AM
To: scabrero at zentyal.com
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: [REG:114111212024814] [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification 

[dochelp to bcc]
[+casemail] 

Samuel, 

Thank you for your question.  We created SR 114111212024814 to track this issue.  An engineer from the Protocols team will contact you soon.

Bryan 



-----Original Message-----
From: Samuel Cabrero [mailto:scabrero at zentyal.com]
Sent: Wednesday, November 12, 2014 3:45 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: [samba4][MS-ADTS] 3.1.1.3.4.4.3 - LDAP_MATCHING_RULE_TRANSITIVE_EVAL clarification 

Dear dochelp team, 

I am working on LDAP_MATCHING_RULE_TRANSITIVE_EVAL match rule implementation on samba and I have found that my tests fail against Windows Server 2008 R2 when the attribute value to match specified in the search filter has Object(DN-Binary) syntax, for example:

Search scope: Base
Search base DN: Domain base DN 

This filter returns one entry: 
wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,<ba
se 
DN> 

This filter does not return any entry: 
wellKnownObjects:1.2.840.113556.1.4.1941:=B:32:aa312825768811d1aded00c0
4fd8d5cd:CN=computers,<base 
DN> 

According to [MS-ADTS] Section 3.1.1.3.4.4.3 I understand that the
Object(DN-Binary) syntax should be handled in the match rule implementation. Should this search return the same entry that the one returned without the extended match?

Best Regards, 

--
Samuel Cabrero - Developer
scabrero at zentyal.com 

Zentyal - Active Exchange
www.zentyal.com

More information about the cifs-protocol mailing list