[cifs-protocol] [REG:119102421000015] MS-ADTS dirsync and extended-dn interactions

[Jeff McCashland]

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Andrew,

Thank you for your Active Directory question. We have created SR 119102421000015 to track this issue. One of our engineers will respond soon to assist. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Jeremy Chapman (jeremyc), +1 (469) 775-2475

-----Original Message-----
From: Andrew Bartlett <abartlet at samba.org> 
Sent: Wednesday, October 23, 2019 3:27 PM
To: cifs-protocol at lists.samba.org
Cc: Interoperability Documentation Help <dochelp at microsoft.com>; bjacke at samba.org; Stefan Metzmacher <metze at samba.org>
Subject: MS-ADTS dirsync and extended-dn interactions

G'Day,

Per a call with Edgar and Brian today.

While looking at a Samba fix for our Samba AD DC being contacted by Microsoft Azure, I notied that the interaction that is fixed by this Samba bug isn't clearly documented:

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D14153&data=02%7C01%7Cjeffm%40microsoft.com%7C5d6695a6f66942728df308d758082ed9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637074664487507641&sdata=Th6%2FTBtik8MRYdfZVAc8kiO73j5OPsLnOmKuFw2eWus%3D&reserved=0

That is, while MS-ATDS specified both of these controls and while LDAP_SERVER_DIRSYNC_OID implies LDAP_SERVER_EXTENDED_DN_OID (not that I coudl find that documented in a brief serch), the inteaction is not ccalled out.

That is, as I understand it from the patch, during dirsync if LDAP_SERVER_EXTENDED_DN_OID is specified explicitly, then the returned data format (0 - the default, or 1) comes from that control.

It would be good if this was made clearer.

Thanks!

Andrew Bartlett

--
Andrew Bartlett
https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet%2F&data=02%7C01%7Cjeffm%40microsoft.com%7C5d6695a6f66942728df308d758082ed9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637074664487507641&sdata=rZ6ff0a3Lgld4FqsSuaptA27Pop2FYxKqunYL%2BtJnWE%3D&reserved=0
Authentication Developer, Samba Team         https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=02%7C01%7Cjeffm%40microsoft.com%7C5d6695a6f66942728df308d758082ed9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637074664487507641&sdata=K6%2FRcPF2hG1HyBBO4U%2BzDzxpGEHOcfoXqGhBmUT4bhA%3D&reserved=0
Samba Development and Support, Catalyst IT   
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fservices%2Fsamba&data=02%7C01%7Cjeffm%40microsoft.com%7C5d6695a6f66942728df308d758082ed9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637074664487507641&sdata=SVIF2TrOaGFlkUg5uHWRIdl70Fwy4jito7KWgb%2FJcQU%3D&reserved=0