[Samba] Samba 4: permissive modify fails

Andrew Bartlett abartlet at samba.org
Sun Feb 7 13:12:03 MST 2010


On Sun, 2010-02-07 at 13:46 +0100, Christoph Theis wrote:
> Hello,
> 
> I have a Samba 4 (alpha 11) server acting as an AD and a Samba 3
> client as a domain client, both running under FreeBSD. To add an SPN
> for the client I run the command "net ads keytab add HTTP". There is
> no output but "net ads keytab list" does not show that SPN. Sniffing
> the network traffic I see that the client uses the control
> LDAP_SERVER_PERMISSIVE_MODIFY_OID with the critical-bit set and the
> server responds with an error "Unsupported critical extension".
> 
> I could reproduce the behaviour by running ldbmodify on the server:
> 
> ldbmodify -H ldap://servername -k 1 --controls=permissive_modify:1 test
> 
> with the file content of test
> 
> dn: CN=workstation,CN=Computers,DC=EXAMPLE,DC=ORG
> changetype: modify
> add: servicePrincipalName
> servicePrincipalName: HTTP/workstation
> 
> When I set the critical bit to 0 the call succeeds. When I run it
> again I get an error "Attribute or value exists". In my understanding
> this is wrong, permissive modify shall not return an error when the
> attribute with the same value already exists or when an attribute to
> be deleted does not exist.

Correct, we don't currently support this control.  Please file a bug,
and we will try and get to it soon. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
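
The three results reported in this thread follow from how an LDAP server treats a control it does not implement. The sketch below is an added example, not part of either message and not Samba or ldb code: `ToyDirectory` and `replay_thread` are hypothetical names, the directory is a constructed in-memory model, and the result codes are the standard LDAP values.

```python
# Added illustration: a toy in-memory model, not Samba or ldb code.
SUCCESS = 0
UNAVAILABLE_CRITICAL_EXTENSION = 12   # "Unsupported critical extension"
NO_SUCH_ATTRIBUTE = 16
ATTRIBUTE_OR_VALUE_EXISTS = 20        # "Attribute or value exists"
PERMISSIVE_MODIFY_OID = "1.2.840.113556.1.4.1413"  # LDAP_SERVER_PERMISSIVE_MODIFY_OID


class ToyDirectory:
    """Hypothetical single-entry directory modelling control handling."""

    def __init__(self, supported_controls=()):
        self.supported = set(supported_controls)
        self.attrs = {}  # attribute name -> set of values

    def modify(self, op, attr, value, controls=()):
        """op is 'add' or 'delete'; controls is a list of (oid, critical)."""
        active = set()
        for oid, critical in controls:
            if oid in self.supported:
                active.add(oid)
            elif critical:
                # RFC 4511: unrecognized control marked critical -> reject
                return UNAVAILABLE_CRITICAL_EXTENSION
            # unrecognized and non-critical: ignored, request runs normally
        permissive = PERMISSIVE_MODIFY_OID in active
        values = self.attrs.setdefault(attr, set())
        if op == "add":
            if value in values:
                return SUCCESS if permissive else ATTRIBUTE_OR_VALUE_EXISTS
            values.add(value)
            return SUCCESS
        if op == "delete":
            if value not in values:
                return SUCCESS if permissive else NO_SUCH_ATTRIBUTE
            values.discard(value)
            return SUCCESS
        raise ValueError(f"unsupported modify op: {op}")


def replay_thread(supported_controls):
    """Replay the three requests from the thread; return the result codes."""
    d = ToyDirectory(supported_controls)
    spn = ("add", "servicePrincipalName", "HTTP/workstation")
    return [
        d.modify(*spn, controls=[(PERMISSIVE_MODIFY_OID, True)]),   # critical bit 1
        d.modify(*spn, controls=[(PERMISSIVE_MODIFY_OID, False)]),  # critical bit 0
        d.modify(*spn, controls=[(PERMISSIVE_MODIFY_OID, False)]),  # same add again
    ]
```

`replay_thread(())` models a server without the control and returns the sequence seen in the thread; passing `{PERMISSIVE_MODIFY_OID}` models a server that implements it.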