See [MS-ADTS] 6.1.3.2 SD Flags Control:
...
When performing an LDAP add operation, the client can supply an SD flags control
with the operation; however, it will be ignored by the server.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
return ldb_operr(ldb);
}
+ /*
+ * The SD_FLAG control is ignored on add
+ * and we default to all bits set.
+ */
+ sd_flags = 0xF;
+
sd = get_new_descriptor(module, dn, req,
objectclass, parent_sd,
- user_sd, NULL, 0);
+ user_sd, NULL, sd_flags);
msg = ldb_msg_copy_shallow(req, req->op.add.message);
if (sd != NULL) {
if (sd_element != NULL) {