[s4/LDB] ldap.py status

Andrew Bartlett abartlet at samba.org
Mon Oct 5 16:47:29 MDT 2009 

On Mon, 2009-10-05 at 18:54 +0200, Matthias Dieter Wallnöfer wrote:
> Andrew,
> 
> Andrew Bartlett schrieb:
> > Actual windows behaviour (windows 2008) certainly trumps 'testsuite
> > claimed' behaviour.  We didn't have time for comparative runs against
> > Windows during the event, which is why I could not merge the patches
> > until test suites were written. 
> >   
> what does this exactly mean? It doesn't pass at all against Windows 
> 2008? And then, should I change the result from s4 to this from Windows 
> 2003?

So, I did this work with a testsuite, that it is claimed, proves that
the WSPP documentation is correct because it was written against the
docs, but passes against a Windows DC.  However, such claims must be
independently verified - that is, we should write them into ldap.py, and
test them against Windows ourselves.  We should work with Microsoft to
understand the differences.

All software has bugs, and it may be that the testsuite we ran at the
Microsoft event was incorrect on this point, or that we don't understand
a detail completely.   (The testsuite had a 'windows' and 'non-windows'
mode, which we had to due because we don't support the extended error
returns in the error string.  This may have been a difference between
those modes). 

You should strive (within reason) to match the AD behaviour as much as
possible.  (But be mindful when doing so, if an AD behaviour seems very
unreasonable, then ask questions, you may have uncovered a security hole
or misunderstood the problem). 

In short, if a ldb_modify with a 'delete', 'replace with new value',
'replace with no value' or 'add' of distinguishedName all return
LDB_ERR_CONSTRAINT_VIOLATION, then please change the error code in the
Samba4 source.  (Also put a test in ldap.py to prove this and assert
that we continue to get this correct). 

Does that make sense?

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091006/d512032d/attachment.pgp>

More information about the samba-technical mailing list