FW: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL in LDAP although being not empty in the LDB

Nadezhda Ivanova nadezhda.ivanova at postpath.com
Tue Sep 29 01:32:34 MDT 2009

Hi all, 
I can't access bugzilla at the moment, so let me use mail to clarify. 
The descriptor module that was pushed some days ago serves to implement proper creation in sd's in samba, namely inheriting of ACEs from the parent, replacing of some placeholder sids, and defaulting the owner/group of the SD when such was not provided. Previously in Samba we had a mechanism to use the defaultSecurityDescriptor, but not the inheritance and owner creation part. Therefore, the SD's of almost all of the objects will be different from before, but that is the expected behavior. It should not influence any samba behavior as the module that actually uses SD's to perform access checks is not pushed yet. Of course, anything that contains invalid data is a bug and will be fixed. Also, we should investigate why a changed SD causes a problem.


-----Original Message-----
From: samba-bugs at samba.org [mailto:samba-bugs at samba.org] 
Sent: Monday, September 28, 2009 11:42 PM
To: Nadezhda Ivanova
Subject: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL in LDAP although being not empty in the LDB


------- Comment #9 from mat+Informatique.Samba at matws.net  2009-09-28 15:41 CST -------
I'am not sure that this 5acd8bc01b23d6fc3d83eea9c3307feb7210879f changset has
fixed the thing as I've tried, with a very up to date changset (2e989ba), to
provision a test s4 and I've still some modifications on the

/usr/local/src/tests4/source4/bin/ldbedit -H sam.ldb -b
"CN=Configuration,DC=foo,DC=bar" nTSecurityDescriptor
# 0 adds  1567 modifies  0 deletes

And the provision show me that I did it with the changeset I expect to be ...

oEMInformation: Provisioned by SAMBA 4.0.0alpha9-GIT-2e989ba

Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the samba-technical mailing list