[PATCH] Failure to modify nTSecurityDescriptor attribute ussing ldb.modify_ldif()

Andrew Bartlett abartlet at samba.org
Tue Aug 4 00:59:32 MDT 2009

On Mon, 2009-07-06 at 17:41 +0300, Zahari Zahariev wrote:
> Hello Andrew & Samba4,
> I have updated my self to the latest Samba and I verified your work. Your changes indeed work and it now produces a parsing error if you try to use BASE64 value for nTSecurityDescriptor attribute in LDIF.
> The new patch I am including is the way I understood Ldb is intelligent enough to read SDDL sting right off from the LDIF. I tested this against Windows 2003 and Samba and it produced different results (nothing unusual so far).

I've changed our LDB code to cope with a binary SID, and to also cope
with SDDL properly (including handling the domain SID lookup if

Let me know if this works any better for you,

Thank you for your patience, and feel free to remind me when I get
behind on important bugs like this.  

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090804/a6169d50/attachment.pgp>

More information about the samba-technical mailing list