Hi,
It seems I didn't have any news on this point.
Can you provide updates ?
Matthieu.
On 01/02/2011 01:35, Matthieu Patou wrote:
Dear doc team,
This page,
http://msdn.microsoft.com/en-us/library/cc223347%28v=prot.10%29.aspx,
says:
"If the flag is not specified, the server MUST do the following:
....
If the server is running Windows ServerĀ® 2008 operating system or
Windows ServerĀ® 2008 R2 operating system and the client has requested
any attributes in the filtered attribute set, the server checks that
the client has the DS-Replication-Get-Changes-In-Filtered-Set control
access right (section 7.1.1.2.7.71
<http://msdn.microsoft.com/en-us/library/cc223657%28v=prot.10%29.aspx>) or
else returns the /insufficientAccessRights/ error to the client."
The flag that we are talking about is LDAP_SERVER_DIRSYNC_OID.
I either have some problems to understand the meaning of "requested
any attributes in the filtered attribute set" or I have problems
requesting them or something else as I'm unable to test this
particular case.
In w2k8r2 I created a user and granted him DS-Replication-Get-Changes,
but not DS-Replication-Get-Changes-In-Filtered-Set so I'm expecting
that when I add the filter "(samaccountname=ad*)", in the ldap
request, that the system will reject my request but it's not so I'm
wondering what is exactly "the filtered attribute set" ? Can you
clarify this point ?
Regards.
Matthieu Patou.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
