s4: dSHeuristics syntax check

Matthias Dieter Wallnöfer mdw at samba.org
Wed Nov 10 07:18:53 MST 2010

Hi Nadya,

I'm very close to enforce the "dSHeuristics" regarding the 
"userPassword" attribute - but it will still take a bit to fix all 
issues. Unfortunately we've worked with the assumption that 
"userPassword" is always usable for changing passwords - which in fact 
it isn't. Therefore some scripts need to be patched.


Nadezhda Ivanova wrote:
> Ok, I will add a check on adds as well, although I am not sure I can 
> make a test for this that will pass against windows. As for whether 
> its a necessary feature, we definitely do not need to take all the 
> flags into account, but some of them make sense and alter the behavior 
> of the server, as in the case with blocking anonymous connections and 
> the password resets, remember how these tests did not pass against 
> windows until we started playing with dSHeuristics? At the very least 
> we should not allow invalid data to be entered there.
> Regards,
> Nadya
> On Wed, Nov 3, 2010 at 9:12 AM, Matthias Dieter Wallnöfer 
> <mdw at samba.org <mailto:mdw at samba.org>> wrote:
>     Exactly, Andrew.
>     Better to test more than less. This 1.) prevents problems when we
>     enforce more and more constraints, 2.) keeps our database as
>     consistent as possible.
>     Well the "dSHeuristics" implementation as such I don't find the
>     most needed feature - but well, if it's done correctly I'm fine
>     with it.
>     Greets,
>     Matthias
>     Andrew Bartlett wrote:
>         I still think we should do out best to always ensure we always
>         validate
>         data entered into the directory.
>         Andrew Bartlett

More information about the samba-technical mailing list