Setting 'nTSecurityDescriptor' via LDAP fails
Stefan (metze) Metzmacher
metze at samba.org
Tue Mar 10 13:34:55 GMT 2009
Zahari Z. schrieb:
> Andrew Bartlett wrote:
>> On Fri, 2009-03-06 at 15:11 +0200, Zahari Z. wrote:
>>
>>> Hello Andrew and Samba4,
>>>
>>> I am raising this issue again. This is about sending ndr_packed()
>>> nTsecurityDescriptor object via LDAP connection.
>>>
>>
>>
>>> Hope the explanation is clear and you would be able to help us
>>> overcome this LDAP situation.
>>>
>>
>> Does this test pass against Windows 2003 or 2008?
>>
>> Andrew Bartlett
>>
>>
> Hello Andrew,
>
> It does not pass against Windows2003. It crushes with 'Constrain error'
> that resolves according to winerror.h this error sesolves to 'Invalid
> nTSecurityDescriptor'.
>
> See the error against Win2003:
>
> Traceback (most recent call last):
> File "./lib/ldb/tests/python/acl-test.py", line 100, in test_acl_read
> "ntSecurityDescriptor" : ndr_pack(x),
> LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION - <0000053A:
> AtrErr: DSID-03150B5E, #1:\n\t0: 0000053A: DSID-03150B5E, problem 1005
> (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)\n> <>')
>
> My guess is that something happens at the moment of writing to database
> or while sending.
I think you need to use the a control:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090310/deb7930d/signature.bin
More information about the samba-technical
mailing list