svn commit: samba r20315 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules librpc/idl rpc_server/drsuapi torture/rpc

Stefan (metze) Metzmacher metze at samba.org
Fri Dec 22 16:29:18 GMT 2006



Stefan (metze) Metzmacher wrote:
> abartlet at samba.org wrote:
>> Author: abartlet
>> Date: 2006-12-22 07:04:06 +0000 (Fri, 22 Dec 2006)
>> New Revision: 20315
> 
>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20315
> 
>> Log:
>> Implement the server side of DsGetDomainControllerInfo.  This is a
>> surprisingly complex call...
> 
>> It turns out that the in/out parameter 'level' is not in/out, but set
>> separately by the server-side code from r->req.req1.level.
> 
>> This commit also breaks out some common code from samldb into samdb.
> 
> Hi Andrew,
> 
> I fear your implementation for the DSGetDomainControllerInfo is a bit
> wrong...
> 
> what we need to do is this:
> 
> 1. look up the domain dn using samdb_domain_to_dn().
>    and return WERR_DS_OBJ_NOT_FOUND if it's not found.
> 
> 2. then look up the sites container dn using samdb_sites_dn().
> 
> 3. and search in the sites container for all nTDSDSA objects.
>    and not for all server objects, as member servers can also have them
>    when they host a DFS share and use FRS.
> 
> 4. then for every found nTDSDSA object we need to look up the parent
>    server object and see if the serverReference (which holds the dn
>    of the computer account) matches the domain dn using
>    ldb_dn_compare_base(). This is needed because the DCs of all domains
>    in the forest are under the same sites container.
>    We might also need to check if the computer account has the
>    UF_SERVER_TRUST_ACCOUNT bit in userAccountControl.

also the samdb_search_for_parent_domain() seems very ugly for finding
out if the server is a pdc. We should ask for the fSMORoleOwner in a
search on the domain dn (we got in 1.)

we should get rid of samdb_search_for_parent_domain() completely :-)
and implement the rid allocation correctly using rid pools and implement
the rid manager fSMORole. The nextRid field of the domain is only used
by the pdc (or rid manager, I don't know exactly) in mixed mode.

metze
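
The filtering in steps 3 and 4 of the quoted list, as an added example that is not from this thread or from the Samba source. The directory rows, the helper names (`find`, `dn_under_base`, `count_domain_dcs`) and the `corp`/`lab` domains are constructed for illustration, and `dn_under_base` is a simplified string-based stand-in for `ldb_dn_compare_base()` that ignores DN escaping.

```c
#include <string.h>
#include <strings.h>

#define UF_SERVER_TRUST_ACCOUNT 0x2000   /* userAccountControl bit set on DC accounts */
#define SERVERS ",CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=corp,DC=example"

/* Constructed sample directory; a real server reads these objects through ldb. */
struct entry { const char *dn, *objclass, *server_ref; unsigned uac; };
static const struct entry dir[] = {
    {"CN=NTDS Settings,CN=DC1" SERVERS, "nTDSDSA", NULL, 0},
    {"CN=DC1" SERVERS, "server", "CN=DC1,OU=Domain Controllers,DC=corp,DC=example", 0},
    {"CN=DC1,OU=Domain Controllers,DC=corp,DC=example", "computer", NULL, 0x2000},
    {"CN=NTDS Settings,CN=DC2" SERVERS, "nTDSDSA", NULL, 0},   /* DC of another domain */
    {"CN=DC2" SERVERS, "server", "CN=DC2,OU=Domain Controllers,DC=lab,DC=example", 0},
    {"CN=DC2,OU=Domain Controllers,DC=lab,DC=example", "computer", NULL, 0x2000},
    {"CN=NTDS Settings,CN=FS1" SERVERS, "nTDSDSA", NULL, 0},   /* member server using FRS */
    {"CN=FS1" SERVERS, "server", "CN=FS1,CN=Computers,DC=corp,DC=example", 0},
    {"CN=FS1,CN=Computers,DC=corp,DC=example", "computer", NULL, 0x1000},
};
#define NDIR (sizeof(dir) / sizeof(dir[0]))

static const struct entry *find(const char *dn) {
    for (size_t i = 0; dn && i < NDIR; i++)
        if (strcasecmp(dir[i].dn, dn) == 0) return &dir[i];
    return NULL;
}

/* Stand-in for ldb_dn_compare_base(): returns 1 if dn equals base or sits below it. */
static int dn_under_base(const char *base, const char *dn) {
    size_t bl = strlen(base), dl = strlen(dn);
    if (dl < bl || strcasecmp(dn + dl - bl, base) != 0) return 0;
    return dl == bl || dn[dl - bl - 1] == ',';
}

/* Steps 3 and 4: count nTDSDSA objects whose parent server is a DC of domain_dn. */
int count_domain_dcs(const char *domain_dn, int require_trust_bit) {
    int n = 0;
    for (size_t i = 0; i < NDIR; i++) {
        if (strcmp(dir[i].objclass, "nTDSDSA") != 0) continue;
        const char *comma = strchr(dir[i].dn, ',');      /* parent DN = DN minus first RDN */
        const struct entry *srv = find(comma ? comma + 1 : NULL);
        if (!srv || !srv->server_ref || !dn_under_base(domain_dn, srv->server_ref)) continue;
        const struct entry *acct = find(srv->server_ref);
        if (require_trust_bit && !(acct && (acct->uac & UF_SERVER_TRUST_ACCOUNT))) continue;
        n++;
    }
    return n;
}
```

With the constructed rows, the serverReference check alone still counts the member server FS1 for `DC=corp,DC=example`; only the `UF_SERVER_TRUST_ACCOUNT` test drops it.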

