[PATCH] Implement msDS-RevealedUsers for RODC auditing
Garming Sam
garming at catalyst.net.nz
Wed Mar 8 21:59:06 UTC 2017
Hi,

Here are some patches to implement the msDS-RevealedUsers attribute for
RODCs. The typical behaviour is that when an RODC replicates passwords,
the users whose secrets were revealed (to this less privileged domain
controller) are recorded against the RODC using this attribute.

There are a few changes required in order to correctly handle
multi-valued binary linked attributes (which should also not be modified):

* Handling duplicated backlinks pointing to the same object (as the
  forward links are repeated DNs with different binary portions)
* Improve dbcheck handling against these links
* Restricting modification, through previously unimplemented
  restriction of systemOnly attributes

There's a number of tests now written for the auditing behaviour, as
well as a number of fixes to bugs in the overall RODC (which were found
through the testing).

Any thoughts would be appreciated.

Cheers,
Garming
http://git.catalyst.net.nz/gitweb?p=samba.git;a=shortlog;h=refs/heads/revealed-test-final
git://git.catalyst.net.nz/samba.git revealed-test-final
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: revealed.patch
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170309/b858d524/revealed-0001.patch>
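An added illustration, not part of the original message or of the Samba patches: msDS-RevealedUsers values use the DN-Binary string form `B:<hex char count>:<hex>:<DN>`, so one user can appear in several forward links that differ only in the binary portion, which is why the backlinks are duplicated. The sketch below groups such values by DN for an audit report; the sample values, the function names and the case-insensitive DN comparison are assumptions made for the example, and the binary portion is treated as opaque.

```python
from collections import defaultdict


def parse_dn_binary(value):
    """Split one DN-Binary string 'B:<hex char count>:<hex>:<DN>' into (bytes, dn)."""
    parts = value.split(":", 3)  # maxsplit=3: the DN itself may contain ':'
    if len(parts) != 4 or parts[0] != "B":
        raise ValueError("not a DN-Binary value: %r" % value)
    _, count, hexpart, dn = parts
    if not count.isdigit() or int(count) != len(hexpart) or len(hexpart) % 2:
        raise ValueError("bad hex length in: %r" % value)
    return bytes.fromhex(hexpart), dn  # fromhex rejects non-hex characters


def revealed_users(values):
    """Group forward-link values by target DN.

    Returns {dn: [binary portions]}. Each key corresponds to one distinct
    user, however many forward-link values point at that user.
    """
    blobs = defaultdict(set)
    first_seen = {}
    for value in values:
        blob, dn = parse_dn_binary(value)
        key = dn.casefold()  # simplification: real DN matching is schema-aware
        first_seen.setdefault(key, dn)
        blobs[key].add(blob)
    return {first_seen[k]: sorted(v) for k, v in blobs.items()}


# Constructed sample: values as they might be read from an RODC computer
# object. The hex payloads are placeholders, not real replication metadata.
SAMPLE = [
    "B:8:0000005A:CN=alice,CN=Users,DC=example,DC=com",
    "B:8:0000009D:CN=alice,CN=Users,DC=example,DC=com",
    "B:8:000000A0:CN=alice,CN=Users,DC=example,DC=com",
    "B:8:0000005A:CN=bob,CN=Users,DC=example,DC=com",
]

if __name__ == "__main__":
    report = revealed_users(SAMPLE)
    print("%d forward links, %d distinct users" % (len(SAMPLE), len(report)))
    for dn, portions in report.items():
        print("  %s (%d values)" % (dn, len(portions)))
```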