s4: dSHeuristics syntax check

[Nadezhda Ivanova]

Hi Matthias,
This is great! Let me know if there is anything I can help you with.

Regards,
Nadya

On Wed, Nov 10, 2010 at 4:18 PM, Matthias Dieter Wallnöfer <mdw at samba.org>wrote:

> Hi Nadya,
>
> I'm very close to enforce the "dSHeuristics" regarding the "userPassword"
> attribute - but it will still take a bit to fix all issues. Unfortunately
> we've worked with the assumption that "userPassword" is always usable for
> changing passwords - which in fact it isn't. Therefore some scripts need to
> be patched.
>
> Greets,
> Matthias
>
> Nadezhda Ivanova wrote:
>
>> Ok, I will add a check on adds as well, although I am not sure I can make
>> a test for this that will pass against windows. As for whether its a
>> necessary feature, we definitely do not need to take all the flags into
>> account, but some of them make sense and alter the behavior of the server,
>> as in the case with blocking anonymous connections and the password resets,
>> remember how these tests did not pass against windows until we started
>> playing with dSHeuristics? At the very least we should not allow invalid
>> data to be entered there.
>>
>> Regards,
>> Nadya
>>
>> On Wed, Nov 3, 2010 at 9:12 AM, Matthias Dieter Wallnöfer <mdw at samba.org<mailto:
>> mdw at samba.org>> wrote:
>>
>>    Exactly, Andrew.
>>
>>    Better to test more than less. This 1.) prevents problems when we
>>    enforce more and more constraints, 2.) keeps our database as
>>    consistent as possible.
>>
>>    Well the "dSHeuristics" implementation as such I don't find the
>>    most needed feature - but well, if it's done correctly I'm fine
>>    with it.
>>
>>    Greets,
>>    Matthias
>>
>>
>>    Andrew Bartlett wrote:
>>
>>        I still think we should do out best to always ensure we always
>>        validate
>>        data entered into the directory.
>>
>>        Andrew Bartlett
>>
>>
>>
>>
>>
>