svn commit: samba r20315 - in branches/SAMBA_4_0/source:
dsdb/samdb
dsdb/samdb/ldb_modules librpc/idl rpc_server/drsuapi torture/rpc
Stefan (metze) Metzmacher
metze at samba.org
Fri Dec 22 16:29:18 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stefan (metze) Metzmacher schrieb:
> abartlet at samba.org schrieb:
>> Author: abartlet
>> Date: 2006-12-22 07:04:06 +0000 (Fri, 22 Dec 2006)
>> New Revision: 20315
>
>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20315
>
>> Log:
>> Implement the server side of DsGetDomainControllerInfo. This is a
>> supprisingly complex call...
>
>> It turns out that the in/out parameter 'level' is not in/out, but set
>> seperatly by the server-side code from r->req.req1.level.
>
>> This commit also breaks out some common code from samldb into samdb.
>
> Hi Andrew,
>
> I fear your implementation for the DSGetDomainControllerInfo is a bit
> wrong...
>
> what we need to do is this:
>
> 1. lookup the domain dn using samdb_domain_to_dn().
> and return WERR_DS_OBJ_NOT_FOUND if it's not found.
>
> 2. then lookup the sites container dn sing samdb_sites_dn().
>
> 3. and search in the sites container for all nTDSDSA objects.
> and not for all server objects, as member servers can also have them
> when they host a DFS share and use FRS.
>
> 4. then for every found nTDSDSA object we need to lookup the parent
> server object and see if the serverReference (which holds the dn
> of the computer account) matches the domain dn using
> ldb_dn_compare_base(). This is needed because the DC's of all domains
> in the forest are under the same sites container.
> We might also need to check if the computer account has the
> UF_SERVER_TRUST_ACCOUNT bit in userAccountControl.
also the samdb_search_for_parent_domain() seems very ugly for finding
out if the server is a pdc. We should ask for the fSMORoleOwner in a
search on the domain dn (we got in 1.)
we should get rid of samdb_search_for_parent_domain() completely:-)
and implement the rid allocation correct using rid pools and implement
the rid manager fSMORole. The nextRid field of the domain is only used
by the pdc (or rid manager, I don't know
exactly) in mixed mode.
metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFFjAfem70gjA5TCD8RAjwsAKCm8mGBqJTXAwU9yPFtmrlksfafMwCgiI1s
4ghDNkTOF1Ci3lZMj+u/fpA=
=GOVR
-----END PGP SIGNATURE-----
More information about the samba-cvs
mailing list