structuralObjectClass multi-valued in W2K8

Andrew Bartlett abartlet at
Tue Apr 21 14:30:27 GMT 2009

On Tue, 2009-04-21 at 15:24 +0200, Michael Ströder wrote:
> Andrew Bartlett wrote:
> > On Sat, 2009-04-18 at 17:36 +0200, Michael Ströder wrote:
> >>
> >> Looking at a user entry in MS AD on W2K8 there's a bug with attribute
> >> 'structuralObjectClass'. It lists all (structural) object classes
> >> whereas other LDAPv3 compliant servers only list *the* structural object
> >> class of an entry. Normally 'structuralObjectClass' is SINGLE-VALUE.
> >> [..]
> >> Why to care about this? A really schema-aware client (e.g. my web2ldap)
> >> might look at the attribute structuralObjectClass while determining the
> >> governing structural rule of an entry (in case DIT structure rules are
> >> in effect).
> >>
> >> Now the question is whether Samba4 wants to mimique this bug or whether
> >> it would be worth trying to convince the MS developers to fix it.
> >>
> >> There are other schema bugs like 'objectClass' being declared as
> >> NO-USER-MODIFICATION while MS AD happily accepts modifications...
> > 
> > Samba4 will implement the same 'bugs' as AD in all these cases.  
> And if MS fixes these bugs later Samba4 will also get "fixed"?

I don't expect these behaviours to change, as it is documented in
MS-ADTS It is documented

> So why not talk to them before putting effort into mimique the bugs?

As this attribute is operational, it won't be much work to change, if
there was ever a change from Microsoft.  I don't expect any change here
- it would break their existing clients. 

> Is the current reference for Samba4 W2K8R2?
> (Can't test this myself because I don't have 64-bit hardware available).

In general, the latest available release is the reference.  I'm mostly
testing against Win2k8 or Win2k3 these days.

I'm sorry we can't abide by the RFCs in implementing Samba4, but it's
simply not a goal for us.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list