FW: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL in LDAP although being not empty in the LDB
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Tue Sep 29 01:32:34 MDT 2009
Hi all,
I can't access bugzilla at the moment, so let me use mail to clarify.
The descriptor module that was pushed some days ago serves to implement proper creation in sd's in samba, namely inheriting of ACEs from the parent, replacing of some placeholder sids, and defaulting the owner/group of the SD when such was not provided. Previously in Samba we had a mechanism to use the defaultSecurityDescriptor, but not the inheritance and owner creation part. Therefore, the SD's of almost all of the objects will be different from before, but that is the expected behavior. It should not influence any samba behavior as the module that actually uses SD's to perform access checks is not pushed yet. Of course, anything that contains invalid data is a bug and will be fixed. Also, we should investigate why a changed SD causes a problem.
Regards,
Nadya
-----Original Message-----
From: samba-bugs at samba.org [mailto:samba-bugs at samba.org]
Sent: Monday, September 28, 2009 11:42 PM
To: Nadezhda Ivanova
Subject: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL in LDAP although being not empty in the LDB
https://bugzilla.samba.org/show_bug.cgi?id=6760
------- Comment #9 from mat+Informatique.Samba at matws.net 2009-09-28 15:41 CST -------
I'am not sure that this 5acd8bc01b23d6fc3d83eea9c3307feb7210879f changset has
fixed the thing as I've tried, with a very up to date changset (2e989ba), to
provision a test s4 and I've still some modifications on the
nTSecurityDescriptor:
/usr/local/src/tests4/source4/bin/ldbedit -H sam.ldb -b
"CN=Configuration,DC=foo,DC=bar" nTSecurityDescriptor
# 0 adds 1567 modifies 0 deletes
And the provision show me that I did it with the changeset I expect to be ...
oEMInformation: Provisioned by SAMBA 4.0.0alpha9-GIT-2e989ba
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the samba-technical
mailing list