[cifs-protocol] MS-ADTS dirsync and extended-dn interactions
abartlet at samba.org
Wed Oct 23 22:27:15 UTC 2019
Per a call with Edgar and Brian today.
While looking at a Samba fix for our Samba AD DC being contacted by
Microsoft Azure, I noticed that the interaction that is fixed by this
Samba bug isn't clearly documented:
That is, while MS-ADTS specified both of these controls and while
LDAP_SERVER_DIRSYNC_OID implies LDAP_SERVER_EXTENDED_DN_OID (not that I
could find that documented in a brief search), the interaction is not
That is, as I understand it from the patch, during dirsync if
LDAP_SERVER_EXTENDED_DN_OID is specified explicitly, then the returned
data format (0 - the default, or 1) comes from that control.
It would be good if this was made clearer.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
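
An added illustration, not part of the original post and not Samba or Microsoft code: a client-side parser that accepts an extended DN in either returned format (0, hex GUID/SID; 1, string GUID/SID) and normalizes both, so a dirsync consumer does not depend on which format the server chose. The component layouts follow the MS-ADTS description of the extended DN control as understood here; the sample values and function names are constructed for the example.

```python
import re
import struct
import uuid

# Constructed sample values (not from the post): one object, both encodings.
HEX_FORM = ("<GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;"
            "<SID=010500000000000515000000010000000200000003000000f4010000>;"
            "CN=Administrator,CN=Users,DC=example,DC=com")
STR_FORM = ("<GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;"
            "<SID=S-1-5-21-1-2-3-500>;"
            "CN=Administrator,CN=Users,DC=example,DC=com")

COMPONENT = re.compile(r"<(GUID|SID)=([^>]*)>;")

def sid_from_bytes(raw):
    """Binary SID -> S-R-A-S1-S2... string."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def parse_extended_dn(value):
    """Return (guid, sid, dn, fmt); fmt is 0 (hex), 1 (string) or None."""
    parts, pos = {}, 0
    m = COMPONENT.match(value, pos)
    while m:                       # consume leading <GUID=..>; and <SID=..>;
        parts[m.group(1)] = m.group(2)
        pos = m.end()
        m = COMPONENT.match(value, pos)
    guid = sid = fmt = None
    if "GUID" in parts:
        fmt = 1 if "-" in parts["GUID"] else 0
        # The hex form carries the GUID's on-the-wire (mixed-endian) bytes.
        guid = str(uuid.UUID(parts["GUID"]) if fmt
                   else uuid.UUID(bytes_le=bytes.fromhex(parts["GUID"])))
    if "SID" in parts:             # absent for non-security principals
        is_str = parts["SID"].startswith("S-")
        fmt = int(is_str) if fmt is None else fmt
        sid = parts["SID"] if is_str else sid_from_bytes(bytes.fromhex(parts["SID"]))
    return guid, sid, value[pos:], fmt
```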