Re: [cifs-protocol] LDAP_SERVER_SD_FLAGS_OID control and search request

Sat, 19 Dec 2009 01:42:57 -0800 

Hi Sebastian,

Hi Matthieu,

If I have understood your question correctly, the answer for it can be found in 
section 3.1.1.3.4.1.11   LDAP_SERVER_SD_FLAGS_OID of MS-ADTS.

The version online, already has this information on the section 
(http://msdn.microsoft.com/en-us/library/cc223323(PROT.10).aspx ).

Please let me know if this addresses your question or if I have misunderstood 
your request.
I read this page, maybe it's implicit that if this control is specified then the nTSecurityDescriptor must be returned with requested parts (accordingly to what has been requested) even if the this attribute has not been requested explicitly in the attribute list. If so can you state it clearly, because as far as I understand (and see) nTSecurityDescriptor is not returned by default if you do not explicitly request it. 

Matthieu.



Thanks and regards,

Sebastian Canevari
Senior Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: [email protected]


-----Original Message-----
From: Sebastian Canevari
Sent: Friday, December 18, 2009 1:55 PM
To: Matthieu Patou; [email protected]; Interoperability Documentation 
Help; [email protected]
Subject: RE: LDAP_SERVER_SD_FLAGS_OID control and search request

Hi Matthieu,

I'll be helping you with this issue.

Thanks and regards,



Sebastian Canevari
Senior Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 
75039 "Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: [email protected]


-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Friday, December 18, 2009 10:36 AM
To: [email protected]; Interoperability Documentation Help; 
[email protected]
Subject: LDAP_SERVER_SD_FLAGS_OID control and search request

Hello,

While testing ADUC I found that this tool is using the control 
LDAP_SERVER_SD_FLAGS_OID when requesting object with no attributes (ie.
CN=Users,DC=home,DC=matws,DC=net) and expect to receive the 
nTSecurityDescriptor.
Of course if you do not provide this control the nTSecurityDescriptor is not 
returned.

I tested this behavior with w2k3r2 and it is how this server behave.

Can you confirm that it's the expected behavior for this control and if 
possible can you document it if it's not already done.

Regards.

Matthieu.




_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to