svn commit: samba r17526 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/modules setup

simo idra at
Mon Aug 14 07:24:21 GMT 2006

On Mon, 2006-08-14 at 16:57 +1000, Andrew Bartlett wrote:
> On Mon, 2006-08-14 at 02:02 -0400, simo wrote:
> > Andrew,
> > I do not think this is the right way to do what you aim for.
> > 
> > I'd like you to revert the change and instead build a module, to be used
> > with the ldap backend, that will remove or change these attributes. This
> > will make it work even if someone sets them by hands with an explicit
> > add/modify operation and will leave the rest of code simpler (as it is
> > now).
> Any add/modify attempting to set these should fail.  We have a special
> case in the provision at the moment, where we want to be able to set a
> deterministic domain and host GUID, but strictly speaking, it should
> fail.
> > I may integrate the operational/objectguid functionality in the schema
> > module later on, so you would need to change this code anyway.
> As I explained on IRC, I'm just trying to get this as close to the
> database as possible, so that these backends can choose how to implement
> it.  The LDAP mapping module chooses to implement this onto the
> entryUUID field (and standard ldap timestamps), while the objectGUID
> module sets values into the database.
> I could write a filter, using ldb_map, then let the backend handle it,
> but I fear creating objectGUID values, then filtering them out.  Other
> modules might read a value that will never hit the disk.  (The
> local_password module currently needs reworking to avoid just this
> issue.  But at least now it will clearly fail, not silently fail).

Given that finally we have per partition modules, I'd say that partition
specific module shave to be segregated into the single partitions.

I'd move objectGUID and operational (as they were before the change)
into the tdb partitions, and use entryUUID and another custom module to
deal with operational attributes over ldap for the ldap partitions.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list