descriptor calculation for NC
Andrew Bartlett
abartlet at samba.org
Tue Nov 15 15:34:00 MST 2011
On Tue, 2011-11-15 at 23:06 +0100, Matthieu Patou wrote:
> Hello Nadya and all the SD/NtACLs experts,
>
> I'm debugging what's happening when a Windows DC asks samba to create a
> new NC for the DNS zone, and logically it's going in the descriptor
> module for the creation of the SD.
>
> I found this code and at least for my case it didn't work or more
> exactly I think it won't be correct
> So I'm wondering if:
> 1) the comment is still valid as when we replicate it seems that we have
> the instanceType attribute, the same for the provision and the same when
> the NC is created after (with DRS_addEntry for instance).
> 2) if we could introduce a test to check the presence of instanceType
> and the indicator of NC_HEAD and use it in priority.
This sounds exactly the right way to handle this. We should generally
work this out based on instanceType. The code in descriptor_modify
looks correct for add (reworked to look at the incoming add, not the
search). Perhaps some of it can be factored out into a common routine.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list