s4: dSHeuristics syntax check
Nadezhda Ivanova
nivanova at samba.org
Wed Nov 10 09:23:24 MST 2010
Hi Matthias,
This is great! Let me know if there is anything I can help you with.
Regards,
Nadya
On Wed, Nov 10, 2010 at 4:18 PM, Matthias Dieter Wallnöfer <mdw at samba.org>wrote:
> Hi Nadya,
>
> I'm very close to enforce the "dSHeuristics" regarding the "userPassword"
> attribute - but it will still take a bit to fix all issues. Unfortunately
> we've worked with the assumption that "userPassword" is always usable for
> changing passwords - which in fact it isn't. Therefore some scripts need to
> be patched.
>
> Greets,
> Matthias
>
> Nadezhda Ivanova wrote:
>
>> Ok, I will add a check on adds as well, although I am not sure I can make
>> a test for this that will pass against windows. As for whether its a
>> necessary feature, we definitely do not need to take all the flags into
>> account, but some of them make sense and alter the behavior of the server,
>> as in the case with blocking anonymous connections and the password resets,
>> remember how these tests did not pass against windows until we started
>> playing with dSHeuristics? At the very least we should not allow invalid
>> data to be entered there.
>>
>> Regards,
>> Nadya
>>
>> On Wed, Nov 3, 2010 at 9:12 AM, Matthias Dieter Wallnöfer <mdw at samba.org<mailto:
>> mdw at samba.org>> wrote:
>>
>> Exactly, Andrew.
>>
>> Better to test more than less. This 1.) prevents problems when we
>> enforce more and more constraints, 2.) keeps our database as
>> consistent as possible.
>>
>> Well the "dSHeuristics" implementation as such I don't find the
>> most needed feature - but well, if it's done correctly I'm fine
>> with it.
>>
>> Greets,
>> Matthias
>>
>>
>> Andrew Bartlett wrote:
>>
>> I still think we should do out best to always ensure we always
>> validate
>> data entered into the directory.
>>
>> Andrew Bartlett
>>
>>
>>
>>
>>
>
More information about the samba-technical
mailing list