ntSecurityDescriptor and acl module

tridge at samba.org tridge at samba.org
Thu Nov 19 21:28:05 MST 2009

Hi Nadya,

I've just changed operational.c to not give the ntSecurityDescriptor
unless it's actually asked for. This matches AD behaviour, so I think
it's correct, but I thought this may affect your ACL work so I am
letting you know to watch out for it.

The problem is that the acl module is higher up the module stack than
the operational module. This means that the acl module will now never
see a ntSecurityDescriptor attribute unless it was asked for. So if
the acl module relies on getting a ntSecurityDescriptor attribute on
every search then it will fail.

make test still passes at the moment, but I know you're still working
on the ACL code, so I thought it was worth mentioning.

Cheers, Tridge

More information about the samba-technical mailing list