[cifs-protocol] MS-ADTS dirsync and extended-dn interactions
Andrew Bartlett
abartlet at samba.org
Wed Oct 23 22:27:15 UTC 2019
G'Day,
Per a call with Edgar and Brian today.
While looking at a Samba fix for our Samba AD DC being contacted by
Microsoft Azure, I notied that the interaction that is fixed by this
Samba bug isn't clearly documented:
https://bugzilla.samba.org/show_bug.cgi?id=14153
That is, while MS-ATDS specified both of these controls and while
LDAP_SERVER_DIRSYNC_OID implies LDAP_SERVER_EXTENDED_DN_OID (not that I
coudl find that documented in a brief serch), the inteaction is not
ccalled out.
That is, as I understand it from the patch, during dirsync if
LDAP_SERVER_EXTENDED_DN_OID is specified explicitly, then the returned
data format (0 - the default, or 1) comes from that control.
It would be good if this was made clearer.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list