[cifs-protocol] Extended rights as LDIF

Garming Sam garming at catalyst.net.nz
Mon Nov 20 21:59:52 UTC 2017 

Just wanted to add that the omitted validAccesses attribute (on these
extended rights) is probably more significant because it implies
different access control behavior. The information it stores seems to be
more than for use in the administrative tools.


Cheers,

Garming


On 21/11/17 10:42, Edgar Olougouna via cifs-protocol wrote:
> + dochelp. Shift Lead, please assign me a new case for this inquiry.
> Thanks,
> Edgar
>
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Monday, November 20, 2017 3:35 PM
> To: Edgar Olougouna <edgaro at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: Extended rights as LDIF
>
> G'Day Edgar,
>
> I'm working with Garming to have Samba use more modern schema, and we are using the downloads from
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D23782&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=vRkXquP84K0Jl8ltrEvT2zUXU7xYX%2BN0E8qhkVss%2F7I%3D&reserved=0
>
> However, the schema depends on extended rights, which are defined eg
> here:
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fms684293(v%3Dvs.85).aspx&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=SxTUGaBvmxyeXMFKrSybhrYDUD9u9EMX%2F6U9VODYAwg%3D&reserved=0
>
> and in MS-ADTS here:
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc223512.aspx&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=bPgfxQkjhf4BctAIaSifpamAisTcE57D28A7VO6iQqY%3D&reserved=0 
>
> However, the MS-ADTS docs don't contain the information needed to create the object, like the Localization-Display-ID.  (We gain the appliesTo if we look at eg
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc223602.aspx&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=ryPf1GQqTXRbGP%2Bg1Cs%2Be9wMAI%2FYyFMucwJTLnAChyc%3D&reserved=0 )
>
> There also isn't any more detail in:
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblogs.msdn.microsoft.com%2Fopenspecification%2F2009%2F08%2F19%2Factive-directory-technical-specification-control-access-rights-concordance%2F&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=mdZSEvO%2B6aWIztOZAm08J1hP6uoJ1YxjtS8%2FSNrmxzU%3D&reserved=0
>
> Could the download we mention above be extended/supplemented with an LDIF of the matching Extended Rights, or is it already available somewhere we haven't found yet?
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://na01.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet%2F&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=t3Pme9kkGK4HN1%2FCuBFaWGP3iCYUMx4aWSruiUSvf50%3D&reserved=0
> Authentication Developer, Samba Team         https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=mGjMebWDBJ7blegxft3JhM4nyfxUIYA3t7QLoIvxRo4%3D&reserved=0
> Samba Development and Support, Catalyst IT   
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fservices%2Fsamba&data=02%7C01%7Cedgaro%40microsoft.com%7C9f63dc38527146fd2d2d08d5305e8b80%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636468104979500849&sdata=3b4CDxFVonzIqQJibIQN9nNmJvRuAQszv3%2BIQVQvbuE%3D&reserved=0
>
>
>
>
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol

More information about the cifs-protocol mailing list