Hi Matthieu, I've created case 111020105939834 for this and one of the Open Specification team will contact you shortly to start working with you on this problem.
Best regards, Tom Jebo Escalation Engineer Microsoft Open Specifications -----Original Message----- From: Matthieu Patou [mailto:[email protected]] Sent: Monday, January 31, 2011 4:43 PM To: Interoperability Documentation Help; [email protected]; [email protected] Subject: server behavior with dirsync control when the search base is not a root of a nc Dear doc team, I have some question related to the behavior of w2k8r2 vs what is described in the docuementation. MS-ADTS.pdf at paragraph "3.1.1.3.4.1.3LDAP_SERVER_DIRSYNC_OID" says: "If the base of the search is not the root of an NC, the server will return the error unwillingToPerform ([RFC2251] section 4.1.10). If the search scope is not subtree scope, the server will treat the search as if subtree scope was specified." If I do a search with ldbsearch with LDAP_DIRSYNC_OBJECT_SECURITY not set like this on the base "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net": mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:0:1000" -H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net" I get search error - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002105: LdapErr: DSID-0C0908C0, comment: Error processing control, data 0, v1db0> <> I suppose I should have unwilling_to_perform If I set the LDAP_DIRSYNC_OBJECT_SECURITY flag with the same user and the same base: mat@ares:/usr/local/src/samba4/source4$ ./bin/ldbsearch --controls="dirsync:1:1:1000" -H ldap://172.16.100.25 -U administrator%totoTATA123 '(samaccountname=simple)' -b "CN=Users,DC=w2k8r2,DC=home,dc=matws,dc=net" Then I correctly get the "unwilling_to_perform" error. search error - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020F7: LdapErr: DSID-0C0908F3, comment: Error processing control, data 0, v1db0> <> Can you explain if I missed something in the doc or if the doc is not accurate ? Regards Matthieu. -- Matthieu Patou Samba Team http://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
