Hi, Nadya, I will take the ownership of this request. I will let you know when I am done with my investigation.
Thanks! Hongwei -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Nadezhda Ivanova Sent: Thursday, April 15, 2010 8:22 AM To: Interoperability Documentation Help Cc: [email protected] Subject: [cifs-protocol] Questions regarding 7.1.3.1 ACE Ordering Rules Hello, I was running some test against a Windows 2008 server, forest functional level and domain functional level are both 2008. I created a group via LDAP and provided a security descriptor with ACE's deliberately scrambled - e.g Deny before Allow, Object Specific before Regular. I did not get an LDAP error, the group was successfully created, but the SD looked the way I provided it, that is, not according to the rules described in this section. Can you explain why this happens? What behavior should I expect, is Windows supposed to sort them, return an error, or sort them later, or when a recalculate hierarchy request is sent? In addition: What is ACE canonical form? In the sentence: "The nest rule is only applied if the previous rule(s) give inconclusive results" - what would constitute an inconclusive result? Best Regards, Nadya _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
