Python and Samba and LDAP and ntSecurityDescriptor

Zahari Zahariev zahari.zahariev at
Fri Feb 20 07:25:30 MST 2009

Hello Samba4 & Andrew,

I have a problem with setting a custom ntSecurityDescriptor to a user I 
create within a unittest similar to those in 
source4/lib/ldb/tests/python/ I use ldb.add({}) that is being 
initialized via LDAP to the running Sanba server at the moment. As far 
as we talked with Jelmer he explained that I can do this with ndr_pack 
of a security descriptor object so I provided the add method with key 
and value for the security descriptor along the other stuff you will 
need to create user ldp.add({..., 'ntSecurityDescriptor' : 
ndr_pack(descriptor_object)}). This is the way I create user but 
unfortunately when I try to read it also through LDAP the 
ntSecurityDescriptor cannot ndr_unpack() it returns a 'Buffer error'. It 
is different when I have the descriptor generated for me (I do not put 
it in ldp.add({})) in this ca when I try to read it also using LDAP it 
has nor problem with ndr_unpack(). So my assumption is that I do 
something wrong sending it via LDAP ti Samba4.

Can you give me some clues where do I go wrong and that could be the 
other ways that I can achieve setting a custom descriptor for any user I 
want to create via LDAP or LDAP is not the way?

Thank you!

More information about the samba-technical mailing list