[LDB][PATCH] Make LDB fail on invalid baseDN

Stefan (metze) Metzmacher metze at samba.org
Fri Nov 9 12:35:56 GMT 2007

Hash: SHA1

Andrew Bartlett schrieb:
> When searching in LDB, we don't currently ensure that the base DN
> actually exists.  With this patch we will - therefore returning correct
> errors to clients, and matching behaviour with LDAP (making support for
> an LDAP backend easier, as the same error paths apply). 
> The main issue with this patch so far is that places where we expect
> this non-standard behaviour.  Many I've removed for the LDAP backend,
> but I still need to work on SPOOLSS and WINS.

There's also the samba3 group mapping code and the OpenChange code.

And I think there're lot more callers within samba which check for
res->count == 0 instead of NO_SUCH_OBJECT, do a grep 'res->count' */*.c
*/*/*.c */*/*/*.c. In most cases this are BASE searches...

I think we would be good to explict enable this new behavior via
an @OPTIONS object. And only do for our samdb.ldb.

> The main issue I can see with this patch is that it's racy - it is
> theoretically possible for the base DN to exist, and be deleted before
> we finish the search, as it's just a 'pre-check'.  

Doesn't ltdb_[un]lock_read() handle this.

Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the samba-technical mailing list