Restrictions on invocationID?
Stefan (metze) Metzmacher
metze at samba.org
Sun Apr 29 12:24:34 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett schrieb:
> Metze:
>
> I'm trying to implement the cn=configuration container against LDAP.
> Currently, it doesn't work because we fix the invocationID *and*
> objectGUID of the cn=NTDS Settings,cn=$COMPUTER... record to be a
> 'fixed' random value (ie, not generated by the LDAP backend).
>
> OpenLDAP objects to us setting it's entryUUID values. My questions is:
> does the invocationID need to match the objectGUID on that entry?
Hi Andrew,
in the "load schema by default" patch I changed our way to handle this.
so the objectGUID will always be generated by the backend, and we don't
need a special rule for it. And the invocationId will be set by the
caller as it's currently.
Normaly the first objectGUID and invocationId match on the first
installed DC in a forest. On all other DC it doesn't match,
because the new DC chooses its invocationID before the NTDS Settings
object is created via DsAddEntry() on the other DC, the reply of
DsAddEntry() returns then the objectGUID of the object.
So we should just remove all objectGUID: elements from our ldif files.
Windows also doesn't allow a caller to specify the objectGUID and our
repl_meta_data module also rejects it.
metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFGNI6Cm70gjA5TCD8RAtqYAKCadCHJX40wirpVKp8WWhYI8MzbeACeKtj2
EYb7Mk7HET0mfg/rrkSYY68=
=/C3+
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list