[Bug 7040] provisioning fails with alpha11

Andrew Bartlett abartlet at samba.org
Fri Jan 22 11:46:00 MST 2010

On Thu, 2010-01-21 at 14:39 +1300, Andrew Bartlett wrote:
> On Tue, 2010-01-19 at 19:50 -0500, Endi Sukma Dewata wrote:
> > Hi Andrew,
> > 
> > Attached are the proposed patches for this bug:
> > https://bugzilla.samba.org/show_bug.cgi?id=7040
> > 
> > Patch #1 registers NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID
> > and LDB_CONTROL_AS_SYSTEM_OID. Is this correct?
> We should not have a network implementation of LDB_CONTROL_AS_SYSTEM_OID
> - for security this should never be accepted over LDAP.  

On further reflection:  A patch would be accepted that ensures this
remains true.  To fix the original bug, the ACL modules need to be
modified to swallow the control, like I discuss here:

> We should also figure out what is causing
> DSDB_CONTROL_DN_STORAGE_FORMAT_OID to get to the backend, without being
> intercepted and interpreted by the extended_dn_out module. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100123/104a61fb/attachment.pgp>

More information about the samba-technical mailing list