6990 – Unable to display ACL on different objects like containers or contacts

Bug 6990 - Unable to display ACL on different objects like containers or contacts

Summary: Unable to display ACL on different objects like containers or contacts

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	unspecified
Hardware:	Other Linux

Importance:	P3 major (vote)
Target Milestone:	---
Assignee:	Andrew Tridgell
QA Contact:	samba4-qa@samba.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-12-15 15:13 UTC by Matthieu Patou
Modified:	2009-12-16 04:10 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthieu Patou 2009-12-15 15:13:35 UTC

With ADCU it's impossible to see the ACL (Unable to display or something similar).

To reproduce with a recent S4: 

* start ADCU 
* right click properties on containter Users  at the root of the domain tree(CN=Users,DC=domain,DC=tld)
* go to the security tab

Comment 1 Matthieu Patou 2009-12-15 15:40:29 UTC

The problem lies in ./source4/dsdb/samdb/ldb_modules/operational.c
because the removal of nTSecurityDescriptor is a bit too simplistic.
This page: http://msdn.microsoft.com/en-us/library/aa366987%28VS.85%29.aspx explains that when the following control is present  1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID) then SD must be included.

Comment 2 Andrew Tridgell 2009-12-16 04:10:15 UTC

should be fixed with commit 41e403adb0fa76c8d15d5d1ef38b195a6da2265c

Please test, and let me know if there is still a problem.

Thanks for the bug report!

Cheers, Tridge