summaryrefslogtreecommitdiff
path: root/source4/dns_server/dlz_bind9.c
diff options
context:
space:
mode:
authorAmitay Isaacs <amitay@gmail.com>2011-11-30 10:37:14 +1100
committerAmitay Isaacs <amitay@gmail.com>2011-12-07 10:41:26 +1100
commitd3d365daab18245ee5f6c2a2de54b9ba00c47f6e (patch)
tree9edef2bf0e21e73362711d6c1864b396d0ee209c /source4/dns_server/dlz_bind9.c
parent817f7529d3e6483c83ef336600b8743af62c545e (diff)
downloadsamba-d3d365daab18245ee5f6c2a2de54b9ba00c47f6e.tar.gz
dlz_bind9: For creating a child entry, use only SEC_ADS_CREATE_CHILD
The member servers in AD do not have access to modify the parent, but do have access to create child DNS records.
Diffstat (limited to 'source4/dns_server/dlz_bind9.c')
-rw-r--r--source4/dns_server/dlz_bind9.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 87476d34446..cb4144d5987 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1133,7 +1133,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
attrs, "objectClass=dnsNode");
if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) {
ldb_dn_remove_child_components(dn, 1);
- access_mask = SEC_STD_REQUIRED | SEC_ADS_CREATE_CHILD;
+ access_mask = SEC_ADS_CREATE_CHILD;
talloc_free(res);
} else if (ldb_ret == LDB_SUCCESS) {
access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE;
View Lorry Controller Status