[Samba] Samba4 LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN
Felix Zachlod
fz.lists at sis-gmbh.info
Mon Mar 10 02:20:23 MDT 2014
Hello list,
we are currently trying to authenticate and authorize users against a
Samba4.1 AD domain controller. It has turned out that samba seems not to
support extended rule 1.2.840.113556.1.4.1941 which allows to query for
transitive group memberships. E.g. group a is member of group b and user c
is member of group b. I want to know if user c is member of group a, which
he is transitively but not directly. According to the Microsoft
documentation this can be queried using the ldap extended rule
1.2.840.113556.1.4.1941 but when doing an ldap search on a Samba4 DC with
this rule it simply returns an empty result. Using ldbsearch i get
ldb: unknown extended rule_id 1.2.840.113556.1.4.1941
I currently run
sernet-samba-ad 99:4.1.4-7
on debian wheezy
Is this going tob e fixed? Is there another possibility to check nested
group membership from ldap without iterating over all groups in the code of
our application?
Thank you all in advance,
regards, Felix
More information about the samba
mailing list