Nadya - I don't think the LDAP_SERVER_SD_FLAGS_OID control should have any effect during an add operation, since the flags for the control indicate which security descriptor parts to retrieve during a search, which should explain why LDAP_UNAVAILABLE_CRIT_EXTENSION is not being returned (assuming the add succeeded).
I have filed a TDI to obtain authoritative information concerning this, and will update you with results as they develop. Could you advise me concerning how much this impacts progress on your implementation? References: [MS-ADTS] 3.1.1.3.4.1.11 LDAP_SERVER_SD_FLAGS_OID http://msdn.microsoft.com/en-us/library/cc223323(PROT.13).aspx The LDAP_SERVER_SD_FLAGS_OID control is used with an LDAP Search request to control the portion of a Windows Security Descriptor to retrieve. LDAP_SERVER_SD_FLAGS_OID Control Code http://msdn.microsoft.com/en-us/library/aa366987(VS.85).aspx The security information flags indicate which security descriptor parts to retrieve during a search. Regards, Bill Wesse MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 -----Original Message----- From: Bill Wesse Sent: Thursday, November 19, 2009 2:07 PM To: 'Nadezhda Ivanova' Cc: cifs-proto...@samba.org Subject: RE: Need some help with LDAP_SERVER_SD_FLAGS_OID control (SRX091119600169) Hi Nadya - I will be your contact for this one. Here is the case number: SRX091119600169: [MS-ADTS] 7.1.3.2 LDAP_SERVER_SD_FLAGS_OID I will begin my investigation today! Regards, Bill Wesse MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 -----Original Message----- From: Nadezhda Ivanova [mailto:nadezhda.ivan...@postpath.com] Sent: Thursday, November 19, 2009 12:34 PM To: Interoperability Documentation Help Cc: cifs-proto...@samba.org Subject: Need some help with LDAP_SERVER_SD_FLAGS_OID control Hello, I have been working on the implementation of LDAP_SERVER_SD_FLAGS_OID in Samba, and I have a question. Is this control relevant for an LDAP add request? I have been testing against Win2008. Adding this control to the request does not seem to have any effect. When I set it to Critical, I do not get LDAP_UNAVAILABLE_CRIT_EXTENSION, as described in http://msdn.microsoft.com/en-us/library/aa367025%28VS.85%29.aspx At the same tine, in MS-ADTS, section 7.1.3.2 SD Flags Control, it says: "When performing an LDAP operation (add, modify or search), the client may supply an SD flags control LDAP_SERVER_SD_FLAGS_OID with the operation." So, if the control is valid for an LDAP add, what should be the behavior? Best Regards, Nadezhda Ivanova _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol