[PATCH] Allow duplicate non local objectSIDs

Gary Lockyer gary at catalyst.net.nz
Mon Dec 4 22:03:13 UTC 2017


Hi Metze,
I've spent some time trying to add tests to
source4/dsdb/tests/python/sam.py to test against Windows 2012 R2.  It
appears that Windows does not allow the creation of
foreignSecurityPrincipals via ldap, or at least I can't get it working.

So at the moment I'll confine the change to the index changes only
tested in dsdb.py

I'll repost the patch set once I've tidied it up and it passes local builds.

Cheers
Gary

On 30/11/17 21:03, Stefan Metzmacher via samba-technical wrote:
> Hi Gary,
> 
> are we sure we only have to care about the local domain sid?
> 
> At least I read somewhere that the automatic creation of
> foreignSecurityPrincipal objects (which we don't support yet)
> is only done if the domain sid is not known anywhere in the forest.
> 
> Can you please check in a windows forest if it's possible to
> create a foreignSecurityPrincipal with an already existing sid
> from a different domain in the forest, as well as
> a non-existing sid, with a known domain sid part but a not yet used rid.
> 
> The same test should be done with the local domain sid.
> 
> Thanks!
> metze
> 
> Am 30.11.2017 um 02:37 schrieb Gary Lockyer via samba-technical:
>> Patch to allow duplicate objectSIDs for foreign security principals,
>> while requiring unique objectSIDs for the primary domain.
>>
>> Fixes BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004
>>
>> Review and push appreciated
>>
>> Thanks Gary
>>
> 
> 

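The rule the patch description states (objectSID must be unique within the primary domain, while foreign security principals may carry a SID that already exists) as a stand-alone illustration; this is added example code, not Samba's dsdb index implementation, and the `split_sid`, `check_objectsid_add` names, the sample SIDs and the treatment of "domain part" as everything before the final RID are assumptions of the example. Metze's open question about SIDs known elsewhere in the forest is not settled by the thread, so the example takes a single local domain SID as its only notion of "local".

```python
# Added illustration (not Samba's code) of the objectSID uniqueness rule
# described in the patch: local-domain SIDs must be unique, foreign ones
# (foreignSecurityPrincipal-style entries) may duplicate an existing SID.
import re

# Textual SID: S-1-<authority>-<subauth>[-<subauth>...]
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def split_sid(sid):
    """Return (domain_part, rid) for a SID such as S-1-5-21-1-2-3-1105.

    Assumption of this example: the domain part is everything before the
    final sub-authority (the RID).  Raises ValueError on a malformed SID.
    """
    if not SID_RE.match(sid):
        raise ValueError("malformed SID: %r" % (sid,))
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def check_objectsid_add(new_sid, existing_sids, local_domain_sid):
    """Decide whether an object with new_sid may be added.

    existing_sids: set of objectSID strings already present in the database
    local_domain_sid: SID of the primary domain (e.g. S-1-5-21-1-2-3)
    Returns (allowed, reason).
    """
    domain, _ = split_sid(new_sid)
    duplicate = new_sid in existing_sids
    if domain == local_domain_sid:
        # Primary domain: objectSID must stay unique.
        if duplicate:
            return False, "duplicate objectSID in the local domain"
        return True, "new local-domain objectSID"
    # Foreign SID: a duplicate is permitted by the patch under discussion.
    if duplicate:
        return True, "duplicate objectSID, foreign domain, permitted"
    return True, "new foreign objectSID"


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    local = "S-1-5-21-1-2-3"
    existing = {"S-1-5-21-1-2-3-1105", "S-1-5-21-9-9-9-500"}
    for sid in ("S-1-5-21-1-2-3-1105", "S-1-5-21-1-2-3-1106",
                "S-1-5-21-9-9-9-500", "S-1-5-11"):
        print(sid, check_objectsid_add(sid, existing, local))
```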