On Thu, 2008-07-17 at 08:20 -0700, Richard Guthrie wrote: > Andrew, > > I think I have some answers for you but I wanted to clarify the > question first. As I understand it, you are looking to get > information on how objects sync’ed via Directory Replication Services > (DRS) look to a receiving application, what is their layout, how are > they exposed to the application that has requested the sync via a > mechanism like IDL_DRSGetNCChanges in the DRSUAPI interface (MS-DRSR) > with respect to privledge and access control structures. For example, > if one were to replicate permissions or privledges between two domain > controllers, what would that permissions object look like to the > receiving domain controller and what would an application like the > Local Security Authority (LSA) running on a domain controller see, how > would it access them. Is this a correct interpretation of what you > are looking for?
Pretty much. As I said, the SAMR documentation does a pretty good job of defining the operation of the server into the attributes it uses, where the LSA document describes only an abstract store. The background is that I need to correct our LSA implementation to use a compatible storage of privileges (in particular), so that if a privilege is set on a Microsoft DC, that I can read it after replicating it using DRS to a Samba DC. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
