[PATCH] Failure to modify nTSecurityDescriptor attribute ussing ldb.modify_ldif()

Zahari Zahariev zahari.zahariev at postpath.com
Tue Aug 4 02:29:12 MDT 2009

Hello Andrew,

I do not know what to say (*speechless*) so I will just say -- IT WORKS!

Little patch coming from you, big leap for ACL unittest future.

Thank you!

Zahari Zahariev
Software Engineer, PPD & Installer team
Cisco Systems, Bulgaria

----- Original Message -----
> From: Andrew Bartlett <abartlet at samba.org>
> To: Zahari Zahariev <zahari.zahariev at postpath.com>
> Cc: samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> Sent: Tuesday, August 4, 2009 9:59:36 AM GMT+0200 Europe;Athens
> Subject: Re: [PATCH] Failure to modify nTSecurityDescriptor attribute ussing ldb.modify_ldif()

> > On Mon, 2009-07-06 at 17:41 +0300, Zahari Zahariev wrote:
> > Hello Andrew & Samba4,
> > 
> > I have updated my self to the latest Samba and I verified your work. 
> Your changes indeed work and it now produces a parsing error if you 
> try to use BASE64 value for nTSecurityDescriptor attribute in LDIF.
> > 
> > The new patch I am including is the way I understood Ldb is 
> intelligent enough to read SDDL sting right off from the LDIF. I 
> tested this against Windows 2003 and Samba and it produced different 
> results (nothing unusual so far).
> I've changed our LDB code to cope with a binary SID, and to also cope
> with SDDL properly (including handling the domain SID lookup if
> required).
> Let me know if this works any better for you,
> Thank you for your patience, and feel free to remind me when I get
> behind on important bugs like this.  
> Andrew Bartlett
> -- 
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.

More information about the samba-technical mailing list