change to acl_read module for supporting dirsync module
Matthias Dieter Wallnöfer
mdw at samba.org
Wed Mar 9 06:57:12 MST 2011
Nadya,
just to understand ourself I mean these patches:
http://gitweb.samba.org/?p=mat/samba.git;a=commitdiff;h=370d40b848b18bdceeda06f156662860a525615d
http://gitweb.samba.org/?p=mat/samba.git;a=commitdiff;h=a53c047602aa60dca71ac1c42e5b5263b046d107
Cheers,
Matthias
Matthias,
This patch is actually the implementation of an AD LDAP control, so... no way to
avoid using the control itself, I suppose :).
On Wed, Mar 9, 2011 at 11:08 AM, Matthias Dieter Wallnöfer <mdw at samba.org>
wrote:
ekacnet,
>
>I've also looked about this patch - two comments:
>
> * Is there a real reason that the module has to be located below the
> ACL one? I'm raising this thought since if there is none we could
> save us an additional control and simply put it higher. We really
> need to start avoiding controls where not strictly necessary.
> Another way could be to use the new "trusted/untrusted" mechanism
> for getting "replPropertyMetaData".
> * I've also performed a quick review of the control implementation
> and I've noticed some type problems:
> o The counter variables aren't appropriate yet. LDB objects
> are counted as "unsigned int". That means the following in
> the downto manner: for (i >= ...num_values - 1; i !=
> (unsigned) - 1; i--).
> o On "for (i=0; i < rmd.ctr.ctr1.count; i++) {" "i" should be
> "uint32_t" since we are working os DSR stuff.
> o "functional_level" in "struct dirsync_control" should be
> typed as "int".
> o "addedAttributes" I would type as "unsigned int" (the same
> as "num_elements" in LDB).
>
>Otherwise your work really seems very promising. Also the problem with the
>partition control should be sorted out as soon tridge finishes my patchset
>review.
>
>Cheers,
>Matthias
>
>
>Matthieu Patou wrote:
>
>Hello Nadya,
>>
>>Can you have a look at this:
>>
>>http://git.samba.org/?p=mat/samba.git;a=blobdiff;f=source4/dsdb/samdb/ldb_modules/acl_read.c;h=e7c54c970bd0ff9aaa8f1e5e85e7754bb845a7c6;hp=cde6d11c75bd07d4f6dd032e9f01d2b8e78eb2a9;hb=a53c047602aa60dca71ac1c42e5b5263b046d107;hpb=370d40b848b18bdceeda06f156662860a525615d
>>
>>
>>And tell me if you are OK, basically it's about not to return LDB_SUCCESS when a
>>searched attribute is not accessible but instead to remove the
>>replPropertyMetaData attribute to give the signal to dirsync that the user
>>didn't have an access on this object and so an empty DN with just the objectGUID
>>should be returned.
>>
>>Matthieu.
>>
>>
More information about the samba-technical
mailing list