[s4/LDB] ldap.py status

Matthias Dieter Wallnöfer mdw at samba.org
Tue Oct 6 01:11:31 MDT 2009 

Andrew,

I got the same behaviour with all three flags. Thanks for the long and 
clear explaination. Will push a fix soon.

Matthias

Andrew Bartlett schrieb:
> On Mon, 2009-10-05 at 18:54 +0200, Matthias Dieter Wallnöfer wrote:
>   
>> Andrew,
>>
>> Andrew Bartlett schrieb:
>>     
>>> Actual windows behaviour (windows 2008) certainly trumps 'testsuite
>>> claimed' behaviour.  We didn't have time for comparative runs against
>>> Windows during the event, which is why I could not merge the patches
>>> until test suites were written. 
>>>   
>>>       
>> what does this exactly mean? It doesn't pass at all against Windows 
>> 2008? And then, should I change the result from s4 to this from Windows 
>> 2003?
>>     
>
> So, I did this work with a testsuite, that it is claimed, proves that
> the WSPP documentation is correct because it was written against the
> docs, but passes against a Windows DC.  However, such claims must be
> independently verified - that is, we should write them into ldap.py, and
> test them against Windows ourselves.  We should work with Microsoft to
> understand the differences.
>
> All software has bugs, and it may be that the testsuite we ran at the
> Microsoft event was incorrect on this point, or that we don't understand
> a detail completely.   (The testsuite had a 'windows' and 'non-windows'
> mode, which we had to due because we don't support the extended error
> returns in the error string.  This may have been a difference between
> those modes). 
>
> You should strive (within reason) to match the AD behaviour as much as
> possible.  (But be mindful when doing so, if an AD behaviour seems very
> unreasonable, then ask questions, you may have uncovered a security hole
> or misunderstood the problem). 
>
> In short, if a ldb_modify with a 'delete', 'replace with new value',
> 'replace with no value' or 'add' of distinguishedName all return
> LDB_ERR_CONSTRAINT_VIOLATION, then please change the error code in the
> Samba4 source.  (Also put a test in ldap.py to prove this and assert
> that we continue to get this correct). 
>
> Does that make sense?
>
> Andrew Bartlett
>

More information about the samba-technical mailing list