diff options
| author | Amitay Isaacs <amitay@gmail.com> | 2011-11-30 10:37:14 +1100 |
|---|---|---|
| committer | Amitay Isaacs <amitay@gmail.com> | 2011-12-07 10:41:26 +1100 |
| commit | d3d365daab18245ee5f6c2a2de54b9ba00c47f6e (patch) | |
| tree | 9edef2bf0e21e73362711d6c1864b396d0ee209c | |
| parent | 817f7529d3e6483c83ef336600b8743af62c545e (diff) | |
| download | samba-d3d365daab18245ee5f6c2a2de54b9ba00c47f6e.tar.gz samba-d3d365daab18245ee5f6c2a2de54b9ba00c47f6e.tar.bz2 samba-d3d365daab18245ee5f6c2a2de54b9ba00c47f6e.zip | |
dlz_bind9: For creating a child entry, use only SEC_ADS_CREATE_CHILD
The member servers in AD do not have access to modify the parent, but
do have access to create child DNS records.
| -rw-r--r-- | source4/dns_server/dlz_bind9.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 87476d3444..cb4144d598 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -1133,7 +1133,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const attrs, "objectClass=dnsNode"); if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) { ldb_dn_remove_child_components(dn, 1); - access_mask = SEC_STD_REQUIRED | SEC_ADS_CREATE_CHILD; + access_mask = SEC_ADS_CREATE_CHILD; talloc_free(res); } else if (ldb_ret == LDB_SUCCESS) { access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE; |