Hi,

While I was trying to implement "Object(OR-Name)" syntax handling in Samba, I got some unexpected results.

There are several places that describe this syntax:
http://msdn.microsoft.com/en-us/library/cc223181%28PROT.13%29.aspx - from ADTS
http://msdn.microsoft.com/en-us/library/cc228440%28PROT.13%29.aspx - from DRSR

The documentation says (ADTS and DRSR) that values with "Object(OR-Name)" syntax are in 'object_DN' format, which is in "Object(DS-DN)" format. At first I got the impression that "Object(OR-Name)" and "Object(DS-DN)" are the same. But then, LDAP queries against AD always return plain-dn DNs - even when the 'extended dn' control is passed. So I came to the conclusion that 'object_DN' means "DN part from Object(DS-DN) syntax".

After some tests with the DRSUAPI interface though, it turns out that values with 'OR-Name' syntax are transmitted in "<GUID=..>;<SID=...>;dn" format, which is "Object(DS-DN)" format! At this point, I decided that "Object(OR-Name)" is represented in two ways:
1. plain_dn - when working through LDAP
2. Object(DS-DN) - when transmitted using the DRS interface

But then, after a few hours of debugging/testing, I was surprised to find out that through the DRS interface, values with "Object(OR-Name)" syntax are transmitted as "Object(DN-Binary)"!

Here is some test data:
I am playing with the "authOrig" attribute (from MS Exchange 2003 provisioning).
Through DRS I am getting a blob with the value:
0x960000001c000000167dcc23a03d3a4f99210ad60a99230f0105000000000005150000009ca04dcc46a0a763e4b37ba4f40100002e00000043004e003d00410064006d0069006e006900730074007200610074006f0072002c0043004e003d00550073006500720073002c00440043003d006b006d0061002d0065007800630068002c00440043003d0064006500760065006c000000000004000000

When I assume this value is in Object(DS-DN) format, it is correctly converted to the following extended-DN:
<GUID=23cc7d16-3da0-4f3a-9921-0ad60a99230f>;<SID=S-1-5-21-3427639452-1671929926-2759570404-500>;CN=Administrator,CN=Users,DC=kma-exch,DC=devel

However, the above-mentioned extended-DN does not match the blob value exactly when it is converted back to a blob using "Object(DS-DN)" syntax handling. On the other hand, when using the "Object(DN-Binary)" syntax implementation, forward/backward conversions match perfectly. I.e. the above-mentioned blob value should be decoded to the DN-Binary value:
B:0::<GUID=23cc7d16-3da0-4f3a-9921-0ad60a99230f>;<SID=S-1-5-21-3427639452-1671929926-2759570404-500>;CN=Administrator,CN=Users,DC=kma-exch,DC=devel

I think there is a bug in the documentation? Please clarify.

Thanks,
Kamen Mazdrashki
kamen.mazdras...@postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
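
The blob quoted in the message above can be walked field by field to see where the extra bytes come from. The following is an added example, not code from the original post or from Samba; the field layout (a DSNAME, padding to a 4-byte boundary, then a 32-bit length that counts itself, then the binary data) is an assumption read off this one blob, and all function names are hypothetical.

```python
import struct
import uuid

# Blob quoted in the message above (value received over DRS).
BLOB = bytes.fromhex(
    "960000001c000000167dcc23a03d3a4f99210ad60a99230f"
    "0105000000000005150000009ca04dcc46a0a763e4b37ba4f40100002e000000"
    "43004e003d00410064006d0069006e006900730074007200610074006f0072002c00"
    "43004e003d00550073006500720073002c00"
    "440043003d006b006d0061002d0065007800630068002c00"
    "440043003d0064006500760065006c000000" "0000" "04000000")

def format_sid(b):
    if not b:
        return None                              # DSNAME without a SID
    if len(b) < 8 or len(b) != 8 + 4 * b[1]:
        raise ValueError("bad SID")
    subs = struct.unpack_from("<%dI" % b[1], b, 8)
    head = "S-%d-%d" % (b[0], int.from_bytes(b[2:8], "big"))
    return head + "".join("-%d" % s for s in subs)

def parse_dsname(buf):
    """Bounds-checked DSNAME parse: returns (guid, sid, dn, struct_len)."""
    if len(buf) < 56:
        raise ValueError("truncated DSNAME header")
    struct_len, sid_len = struct.unpack_from("<II", buf, 0)
    (name_len,) = struct.unpack_from("<I", buf, 52)
    name_end = 56 + 2 * (name_len + 1)           # UTF-16LE chars plus NUL
    if sid_len > 28 or struct_len < name_end or struct_len > len(buf):
        raise ValueError("inconsistent DSNAME lengths")
    guid = uuid.UUID(bytes_le=buf[8:24])
    dn = buf[56:name_end - 2].decode("utf-16-le")
    return guid, format_sid(buf[24:24 + sid_len]), dn, struct_len

def parse_dn_binary(buf):
    """Assumed layout: DSNAME, pad to 4, u32 length (counts itself), data."""
    guid, sid, dn, struct_len = parse_dsname(buf)
    off = (struct_len + 3) & ~3                  # 150 -> 152 for this blob
    if off + 4 > len(buf):
        raise ValueError("no trailing length field: plain DSNAME")
    (data_len,) = struct.unpack_from("<I", buf, off)
    if data_len < 4 or off + data_len != len(buf):
        raise ValueError("binary length does not match blob size")
    data = buf[off + 4:off + data_len]
    parts = ["<GUID=%s>" % guid] + (["<SID=%s>" % sid] if sid else []) + [dn]
    return "B:%d:%s:%s" % (2 * len(data), data.hex().upper(), ";".join(parts))

if __name__ == "__main__":
    print(parse_dn_binary(BLOB))
```

The DSNAME itself ends at byte 150 (its own length field says 0x96); the six bytes after it are two bytes of padding and a length field of 4, which is why a converter that writes only the DSNAME cannot reproduce the blob.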