[SAMBA4][PATCH] Handle search_options control in LDB

Stefan (metze) Metzmacher metze at samba.org
Wed Feb 21 07:41:36 GMT 2007


Andrew Bartlett wrote:
> On Tue, 2007-02-20 at 08:24 -0500, simo wrote:
>> On Tue, 2007-02-20 at 18:00 +1100, Andrew Bartlett wrote:
>>> Attached please find a patch to implement the server_side of the
>>> search_options control, for the 'phantom root' bit (only).
>> Can you also implement the other bit?
> 
> I'm not entirely clear on its behaviour.

That would mean we need to send referrals back in the normal case,
for sub partitions on a subtree search, and reply with the normal
object in a one level search...

On Windows ADS servers, partitions are stored separated!
They enumerate the tree hierarchy, and if they reach an object
with the INSTANCE_TYPE_IS_NC_HEAD flag in the instanceType attribute
and the search scope is subtree they return a referral for this object
and don't walk to child objects. In all other cases the complete object
is returned.

With the DOMAIN_SCOPE bit, no referrals are returned, but the
normal object.

With the PHANTOM_ROOT bit the INSTANCE_TYPE_IS_NC_HEAD is ignored
completely.

So our design of partitions doesn't match the Windows one...

Currently we store the CN=Configuration, object only in the config.ldb
and searches to the domain partition don't return it, and this is wrong.

The CN=Configuration, object is part of its parent partition and at the
same time head of the subpartition.

The NET-API-BECOME-DC test shows this, and it creates the object twice,
as it is replicated in both partitions, but it should end up just once
in the ldb.

I assume we need to move to a real hierarchic structure in the ldb
backend, or at least in a plugin directly on top of the ldb_tdb backend.

This will also magically speed up the searches when we add real access
checking, as we can then easily cache the security descriptors of the
parents of the currently checked object.

But for now we might find an easier way with the current design...:-)

metze


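The search behaviour described in the message above, as an added toy model in Python (not Samba or Windows code, and not part of the original post). The directory contents, the `search` function and the numeric flag values are assumptions of this example, as are two points the message leaves open: the search base itself is never treated as a boundary, and under DOMAIN_SCOPE the walk does not descend below a naming-context head.

```python
# Added illustration: toy model of the referral behaviour described in the message.
INSTANCE_TYPE_IS_NC_HEAD = 0x1  # instanceType bit: object heads a naming context
DOMAIN_SCOPE = 0x1              # search_options bit (value assumed here)
PHANTOM_ROOT = 0x2              # search_options bit (value assumed here)

# Constructed sample directory: DN -> (parent DN, instanceType)
ROOT = "DC=example,DC=com"
CONFIG = "CN=Configuration," + ROOT
TREE = {
    ROOT: (None, 0x5),
    "CN=Users," + ROOT: (ROOT, 0x4),
    CONFIG: (ROOT, 0x5),  # part of the parent partition AND head of its own
    "CN=Sites," + CONFIG: (CONFIG, 0x4),
}


def children(dn):
    """Immediate children of dn, in a stable order."""
    return sorted(d for d, (parent, _) in TREE.items() if parent == dn)


def search(base, scope, options=0):
    """Return ("entry" | "referral", dn) tuples; scope is 'base', 'one' or 'sub'."""
    if scope == "base":
        return [("entry", base)]
    results = [("entry", base)] if scope == "sub" else []

    def walk(dn):
        for child in children(dn):
            nc_head = bool(TREE[child][1] & INSTANCE_TYPE_IS_NC_HEAD)
            if options & PHANTOM_ROOT:
                nc_head = False  # partition boundaries are ignored completely
            if nc_head and scope == "sub" and not options & DOMAIN_SCOPE:
                results.append(("referral", child))  # stop at the boundary
                continue
            results.append(("entry", child))  # all other cases: the full object
            if scope == "sub" and not nc_head:
                walk(child)  # assumption: no descent below an NC head

    walk(base)
    return results


if __name__ == "__main__":
    for label, opts in (("default", 0), ("DOMAIN_SCOPE", DOMAIN_SCOPE),
                        ("PHANTOM_ROOT", PHANTOM_ROOT)):
        print(label, search(ROOT, "sub", opts))
```
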

