dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
author Stefan Metzmacher <metze@samba.org>
Wed, 31 Jan 2018 17:00:24 +0000 (18:00 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Mon, 19 Mar 2018 19:30:51 +0000 (20:30 +0100)
commit fb03f9a1de1d8069fcce8710d275371305122bb3
tree f759edd6f3820e44d7c7f0ef05c16a5bec457666
parent 799c9d1ce31258c6405602c2f8c53b93be582352
dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes

This implements the handling for FPO-enabled attributes, see
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:

  FPO-enabled attributes: member, msDS-MembersForAzRole,
    msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup,
    msDS-ServiceAccount.

Note there's no msDS-ServiceAccount in any schema (only
msDS-HostServiceAccount, and that's not an FPO-enabled attribute,
at least not in W2008R2).

msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.

See also [MS-SAMR] 3.1.1.8.9 member.

We now create foreignSecurityPrincipal objects on the fly (as needed).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail.d/foreignSecurityPrincipal [deleted file]
source4/dsdb/samdb/ldb_modules/extended_dn_store.c