The implementation of lsa_open_policy in py_lsa.c ignores the 'access' parameter. In additon, the hardcoded value in the call to cli_lsa_open_policy doesn't work against a NetApp filer when you subsequently try to resolve a SID.
Created attachment 708 [details] Corrects the two issues described in the bug. Sets the default value of desired_access to a value compatible with both NetApp and Windows such that subsequent calls to resolve a SID will succeed on both. Also, passes the value of desired_access (if passes by caller) into the call to lsa_open_policy.
The default value is the same as that used in smbcacls which does work against both NetApp and Windows.
I fixed this ages ago.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.