Bug 6990 - Unable to display ACL on different objects like containers or contacts
Summary: Unable to display ACL on different objects like containers or contacts
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 major (vote)
Target Milestone: ---
Assignee: Andrew Tridgell
QA Contact: samba4-qa@samba.org
Depends on:
Reported: 2009-12-15 15:13 UTC by Matthieu Patou
Modified: 2009-12-16 04:10 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2009-12-15 15:13:35 UTC
With ADCU it's impossible to see the ACL (Unable to display or something similar).

To reproduce with a recent S4: 

* start ADCU 
* right click properties on containter Users  at the root of the domain tree(CN=Users,DC=domain,DC=tld)
* go to the security tab
Comment 1 Matthieu Patou 2009-12-15 15:40:29 UTC
The problem lies in ./source4/dsdb/samdb/ldb_modules/operational.c
because the removal of nTSecurityDescriptor is a bit too simplistic.
This page: http://msdn.microsoft.com/en-us/library/aa366987%28VS.85%29.aspx explains that when the following control is present  1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID) then SD must be included.
Comment 2 Andrew Tridgell 2009-12-16 04:10:15 UTC
should be fixed with commit 41e403adb0fa76c8d15d5d1ef38b195a6da2265c

Please test, and let me know if there is still a problem.

Thanks for the bug report!

Cheers, Tridge