provision: Make clarifying header an LDIF comment in extended-rights.ldif

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/source4/setup/extended-rights.ldif b/source4/setup/extended-rights.ldif
index dd28413201cf4a16ba713db429e59f046849398b..ef4c304960121288dfaf95f76c0efcef62105688 100644 (file)
--- a/source4/setup/extended-rights.ldif
+++ b/source4/setup/extended-rights.ldif
@@ -109,13 +109,27 @@
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 
-6.1.1.2.7.1 controlAccessRight objects
-All controlAccessRight objects have:
-objectClass: controlAccessRight
-rightsGuid: This value is the identifier of the control access right used for security descriptors and SDDL.
-appliesTo: Each value in this attribute is a GUID, with each GUID equaling an attribute schemaIDGUID on a schema object defining a class in the schema NC. This class defines the objects in which the control access right can be a security descriptor for. The appliesTo values on the controlAccessRight are not enforced by the directory server; that is, the controlAccessRight can be included in security descriptors of objects of classes not specified in the appliesTo attribute.
-localizationDisplayId: This is implementation-specific information for the administrative application.
-validAccesses: This is implementation-specific information for the administrative application.
+# 6.1.1.2.7.1 controlAccessRight objects
+# All controlAccessRight objects have:
+# objectClass: controlAccessRight
+# rightsGuid: This value is the identifier of the control access right
+#             used for security descriptors and SDDL.
+# appliesTo: Each value in this attribute is a GUID, with each GUID
+#            equaling an attribute schemaIDGUID on a schema object
+#            defining a class in the schema NC. This class defines the
+#            objects in which the control access right can be a
+#            security descriptor for. The appliesTo values on the
+#            controlAccessRight are not enforced by the directory
+#            server; that is, the controlAccessRight can be included
+#            in security descriptors of objects of classes not
+#            specified in the appliesTo attribute.
+# localizationDisplayId: This is implementation-specific information
+#                        for the administrative application.
+# validAccesses: This is implementation-specific information for the
+#                administrative application.
+#
+# NOTE: while it is claimed that validAccesses is implementation-specfic
+# it can be determined by careful reading of other parts of MS-ADTS
 
 dn: CN=Change-Rid-Master,CN=Extended-Rights,${CONFIGDN}
 objectClass: top