[Samba] Nested Group control doesn't work
Andrew Bartlett
abartlet at samba.org
Sun Dec 13 04:06:22 UTC 2015
On Sat, 2015-12-12 at 10:25 -0600, Jonathan S. Fisher wrote:
> Hey guys,
>
> We can perform this LDAP query against Windows Server 2012 no
> problem, but
> against samba it's failing:
>
> (&(sAMAccountName={0})(memberOf:1.2.840.113556.1.4.1941:=CN=graylog_u
> sers,OU=Applications,OU=Groups,DC=ad,DC=corp,DC=xxx,DC=com))
>
> Is that "nested group" tree control
> (memberOf:1.2.840.113556.1.4.1941:)
> supported? If not, is there a better way to design this ldap search
> so it
> supports nested groups?
No, it is not currently supported. It made it into Samba master, but
was reverted due to a crash bug pointed out on:
https://bugzilla.samba.org/show_bug.cgi?id=10493
We hope to return it for 4.4.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list