s4: dSHeuristics syntax check
Matthias Dieter Wallnöfer
mdw at samba.org
Wed Nov 10 07:18:53 MST 2010
Hi Nadya,
I'm very close to enforce the "dSHeuristics" regarding the
"userPassword" attribute - but it will still take a bit to fix all
issues. Unfortunately we've worked with the assumption that
"userPassword" is always usable for changing passwords - which in fact
it isn't. Therefore some scripts need to be patched.
Greets,
Matthias
Nadezhda Ivanova wrote:
> Ok, I will add a check on adds as well, although I am not sure I can
> make a test for this that will pass against windows. As for whether
> its a necessary feature, we definitely do not need to take all the
> flags into account, but some of them make sense and alter the behavior
> of the server, as in the case with blocking anonymous connections and
> the password resets, remember how these tests did not pass against
> windows until we started playing with dSHeuristics? At the very least
> we should not allow invalid data to be entered there.
>
> Regards,
> Nadya
>
> On Wed, Nov 3, 2010 at 9:12 AM, Matthias Dieter Wallnöfer
> <mdw at samba.org <mailto:mdw at samba.org>> wrote:
>
> Exactly, Andrew.
>
> Better to test more than less. This 1.) prevents problems when we
> enforce more and more constraints, 2.) keeps our database as
> consistent as possible.
>
> Well the "dSHeuristics" implementation as such I don't find the
> most needed feature - but well, if it's done correctly I'm fine
> with it.
>
> Greets,
> Matthias
>
>
> Andrew Bartlett wrote:
>
> I still think we should do out best to always ensure we always
> validate
> data entered into the directory.
>
> Andrew Bartlett
>
>
>
>
More information about the samba-technical
mailing list