svn commit: samba r17499 - in branches/SAMBA_4_0/source: scripting/libjs setup

Andrew Bartlett abartlet at samba.org
Sat Aug 12 08:58:51 GMT 2006 

On Sat, 2006-08-12 at 10:41 +0200, Stefan (metze) Metzmacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> abartlet at samba.org schrieb:
> > Author: abartlet
> > Date: 2006-08-11 22:11:29 +0000 (Fri, 11 Aug 2006)
> > New Revision: 17499
> > 
> > WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17499
> > 
> > Log:
> > Open the main database only the minimum times during a provision.
> > 
> > This causes things to operate as just one transaction (locally), and
> > to make a minimum of TCP connections when connecting to a remote LDAP
> > server.
> > 
> > Taking advantage of this, create another file to handle loading the
> > Samba4 specific schema extensions.  Also comment out 'middleName' and
> > reassign the OID to one in the Samba4 range, as it is 'stolen' from a
> > netscape range that is used in OpenLDAP and interenet standards for
> > 'ref'.
> > 
> > Andrew Bartlett
> 
> > +dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN}
> > +cn: ntpwdHash
> > +name: NTPWDHash
> 
> > +dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN}
> > +cn: lmpwdHash
> > +name: lmpwdHash
> 
> don't we use a 'samba' prefix for these too?

Surprisingly, no.  I think we agreed not to do another rename until we
finished the DRSUAPI decryption.

> > +dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN}
> > +cn: dnsDomain
> > +name: dnsDomain
> > +objectClass: top
> > +objectClass: attributeSchema
> > +lDAPDisplayName: dnsDomain
> isn't this in the ADS schema already as "domainDNS"
> and I think it's just a typo that we use dnsDomain.

This is a bug.  What happened is that tridge was expecting cldap to do
'normal' searches.  What actually happens is that cldap handles searches
differently, if you ask for the netlogon attribute.  Otherwise, it does
normal searches on the rootdse.  We just need it to split the client's
dnsDomain search expression into a baseDN of dc=foo,dc=bar components.

Once we fix the cldap netlogon code, we can remove this element.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060812/ad451441/attachment.bin

More information about the samba-technical mailing list