[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Sep 1 18:41:49 MDT 2010 

The branch, master has been updated
       via  768475d s4:dsdb Fix attribute being searched for in dereference against Fedora DS
       via  68c61df s4:dsdb Make the dereference control critical if input is critical
       via  379d073 s4:dsdb Don't reload the schema against OpenLDAP backend
       via  896553a s4:provision Allow OpenLDAP backend to provision again
       via  9aae504 s4:provision Improved error handling in provisionbackend
      from  97246f7 s4-test-dssync: Print the reason for skipping FetchNT4Data test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 768475d5716faaf3e730404d44d68f7a3250d861
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jul 11 23:11:09 2010 +1000

    s4:dsdb Fix attribute being searched for in dereference against Fedora DS
    
    The problem here is that these attributes are not mapped in the
    simple_ldap_map, and they were changed a while back.
    
    Andrew Bartlett

commit 68c61dfa3fa925c63247bef83f10dfa2efa458e6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jul 11 23:08:46 2010 +1000

    s4:dsdb Make the dereference control critical if input is critical
    
    This helps us ensure that the backend knows about and respects the
    dereference control if our caller has asked that the extended DN control
    be considered critical.
    
    Andrew Bartlett

commit 379d073444f7acafb6e5761dd667073ad7371771
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jul 11 23:07:06 2010 +1000

    s4:dsdb Don't reload the schema against OpenLDAP backend
    
    The schema should be considered read-only when we are using the OL
    backend, as we can't update the backend schema in real time anyway.
    
    Andrew Bartlett

commit 896553a1a85f541f72ab6b45e71d89d00e727791
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jul 8 11:44:13 2010 +1000

    s4:provision Allow OpenLDAP backend to provision again
    
    OpenLDAP does not have any post-setup requirements at the moment.
    
    Andrew Bartlett

commit 9aae50443df5471b91e4d829c0ca0285adeb71bb
Author: Zahari Zahariev <zahari.zahariev at postpath.com>
Date:   Sat Jul 3 21:43:42 2010 +0300

    s4:provision Improved error handling in provisionbackend
    
    When using OpenLDAP as a backend with Samba4 we get failure during
    provision and this patch will help better determining the real error.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/extended_dn_out.c   |    6 ++++--
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c        |    4 ++++
 source4/dsdb/samdb/ldb_modules/schema_load.c       |   12 +++++++++---
 source4/scripting/python/samba/provisionbackend.py |    7 +++++--
 4 files changed, 22 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
index ba4054a..07c0bff 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
@@ -549,6 +549,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request
 	const char * const *const_attrs;
 	struct ldb_context *ldb = ldb_module_get_ctx(module);
 	int ret;
+	bool critical;
 
 	struct extended_dn_out_private *p = talloc_get_type(ldb_module_get_private(module), struct extended_dn_out_private);
 
@@ -646,6 +647,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request
 
 	/* mark extended DN and storage format controls as done */
 	if (control) {
+		critical = control->critical;
 		control->critical = 0;
 	}
 
@@ -659,7 +661,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request
 	if (control && p && p->dereference && p->dereference_control) {
 		ret = ldb_request_add_control(down_req,
 					      DSDB_OPENLDAP_DEREFERENCE_CONTROL,
-					      false, p->dereference_control);
+					      critical, p->dereference_control);
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
@@ -824,7 +826,7 @@ static int extended_dn_out_fds_init(struct ldb_module *module)
 {
 	static const char *attrs[] = {
 		"nsUniqueId",
-		"objectSID",
+		"sambaSID",
 		NULL
 	};
 
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 82f5ec3..cdfc8d7 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -260,6 +260,10 @@ static int samba_dsdb_init(struct ldb_module *module)
 			backend_modules = openldap_backend_modules;
 			extended_dn_module = extended_dn_module_openldap;
 		}
+		ret = ldb_set_opaque(ldb, "readOnlySchema", (void*)1);
+		if (ret != LDB_SUCCESS) {
+			ldb_set_errstring(ldb, "Failed to set readOnlySchema opaque");
+		}
 	}
 
 #define CHECK_MODULE_LIST \
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index 1542018..28c0209 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -225,9 +225,15 @@ static int dsdb_schema_from_db(struct ldb_module *module, struct ldb_dn *schema_
 	}
 
 	(*schema)->refresh_in_progress = true;
-	(*schema)->refresh_fn = dsdb_schema_refresh;
-	(*schema)->loaded_from_module = module;
-	(*schema)->loaded_usn = current_usn;
+
+	/* If we have the readOnlySchema opaque, then don't check for
+	 * runtime schema updates, as they are not permitted (we would
+	 * have to update the backend server schema too */
+	if (!ldb_get_opaque(ldb, "readOnlySchema")) {
+		(*schema)->refresh_fn = dsdb_schema_refresh;
+		(*schema)->loaded_from_module = module;
+		(*schema)->loaded_usn = current_usn;
+	}
 
 	/* "dsdb_set_schema()" steals schema into the ldb_context */
 	ret = dsdb_set_schema(ldb, (*schema));
diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index ccb793f..7a36bdc 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -273,6 +273,8 @@ class LDAPBackend(ProvisionBackend):
             # and now wait for it to die
             self.slapd.communicate()
 
+    def post_setup(self):
+        pass
 
 class OpenLDAPBackend(LDAPBackend):
 
@@ -538,11 +540,12 @@ class OpenLDAPBackend(LDAPBackend):
         if not os.path.isdir(self.olcdir):
             os.makedirs(self.olcdir, 0770)
 
-            retcode = subprocess.call([self.slapd_path, "-Ttest", "-n", "0",
-                "-f", self.slapdconf, "-F", self.olcdir], close_fds=True,
+            slapd_cmd = [self.slapd_path, "-Ttest", "-n", "0", "-f", self.slapdconf, "-F", self.olcdir]
+            retcode = subprocess.call(slapd_cmd, close_fds=True,
                 shell=False)
 
             if retcode != 0:
+                self.logger.error("conversion from slapd.conf to cn=config failed slapd started with: %s" %  "\'" + "\' \'".join(slapd_cmd) + "\'")
                 raise ProvisioningError("conversion from slapd.conf to cn=config failed")
 
             if not os.path.exists(os.path.join(self.olcdir, "cn=config.ldif")):


-- 
Samba Shared Repository

More information about the samba-cvs mailing list