Setting 'nTSecurityDescriptor' via LDAP fails

Andrew Bartlett abartlet at samba.org
Wed Mar 11 08:35:50 GMT 2009


On Tue, 2009-03-10 at 14:34 +0100, Stefan (metze) Metzmacher wrote:
> Zahari Z. schrieb:
> > Andrew Bartlett wrote:
> >> On Fri, 2009-03-06 at 15:11 +0200, Zahari Z. wrote:
> >>  
> >>> Hello Andrew and Samba4,
> >>>
> >>> I am raising this issue again. This is about sending ndr_packed()
> >>> nTsecurityDescriptor object via LDAP connection.
> >>>     
> >>
> >>  
> >>> Hope the explanation is clear and you would be able to help us
> >>> overcome this LDAP situation.
> >>>     
> >>
> >> Does this test pass against Windows 2003 or 2008?
> >>
> >> Andrew Bartlett
> >>
> >>   
> > Hello Andrew,
> > 
> > It does not pass against Windows 2003. It crashes with 'Constraint error';
> > according to winerror.h, this error resolves to 'Invalid
> > nTSecurityDescriptor'.
> > 
> > See the error against Win2003:
> > 
> > Traceback (most recent call last):
> >  File "./lib/ldb/tests/python/acl-test.py", line 100, in test_acl_read
> >    "ntSecurityDescriptor" : ndr_pack(x),
> > LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -  <0000053A:
> > AtrErr: DSID-03150B5E, #1:\n\t0: 0000053A: DSID-03150B5E, problem 1005
> > (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)\n> <>')
> > 
> > My guess is that something happens at the moment of writing to database
> > or while sending.
> 
> I think you need to use a control:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp

Once this is fixed, I think the issue may be due to different formats of
the attribute (Samba translates between text and binary).  Try printing
the original value obtained over LDAP to see how it differs before you
try parsing.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
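
The check suggested in the message above (look at the value obtained over LDAP and see which format it is in before parsing it), as an added example that is not code from this thread or from Samba. The helper name `describe_sd_value` and both sample values are constructed for illustration; the binary layout assumed is the 20-byte header of a Windows self-relative SECURITY_DESCRIPTOR.

```python
import struct

SE_DACL_PRESENT = 0x0004
SE_SACL_PRESENT = 0x0010
SE_SELF_RELATIVE = 0x8000
# Revision, Sbz1, Control, then Owner/Group/Sacl/Dacl offsets (little-endian).
HEADER = struct.Struct("<BBHIIII")


def describe_sd_value(value: bytes) -> dict:
    """Classify an nTSecurityDescriptor value as SDDL text or binary (hypothetical helper)."""
    # SDDL strings begin with one of the component tags O:, G:, D: or S:.
    if value[:2] in (b"O:", b"G:", b"D:", b"S:"):
        return {"format": "sddl", "text": value.decode("ascii", "replace")}
    if len(value) < HEADER.size:
        return {"format": "unknown", "reason": "shorter than 20-byte header"}
    rev, _sbz1, control, owner, group, sacl, dacl = HEADER.unpack_from(value)
    if rev != 1 or not control & SE_SELF_RELATIVE:
        return {"format": "unknown", "reason": "not a revision 1 self-relative SD"}
    offsets = {"owner": owner, "group": group, "sacl": sacl, "dacl": dacl}
    # Offset 0 means the component is absent; any other offset must point
    # past the header and inside the buffer.
    bad = [n for n, o in offsets.items() if o and not HEADER.size <= o < len(value)]
    if bad:
        return {"format": "unknown", "reason": "offset out of range: " + ",".join(bad)}
    return {"format": "binary", "control": control, "offsets": offsets,
            "dacl_present": bool(control & SE_DACL_PRESENT),
            "sacl_present": bool(control & SE_SACL_PRESENT)}


# Constructed sample values (not taken from the thread).
SAMPLE_SDDL = b"O:DAG:DAD:(A;;RP;;;WD)"
# Header plus a dummy 8-byte owner blob at offset 20; no group, SACL or DACL.
SAMPLE_BINARY = HEADER.pack(1, 0, SE_SELF_RELATIVE, 20, 0, 0, 0) + b"\x00" * 8

if __name__ == "__main__":
    for sample in (SAMPLE_SDDL, SAMPLE_BINARY, b"\x01\x00"):
        print(repr(sample[:24]), "->", describe_sd_value(sample))
```
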