[LDB][PATCH] Make LDB fail on invalid baseDN

Andrew Bartlett abartlet at samba.org
Sat Nov 10 00:44:47 GMT 2007

On Fri, 2007-11-09 at 13:35 +0100, Stefan (metze) Metzmacher wrote:
> Hash: SHA1
> Andrew Bartlett schrieb:
> > When searching in LDB, we don't currently ensure that the base DN
> > actually exists.  With this patch we will - therefore returning correct
> > errors to clients, and matching behaviour with LDAP (making support for
> > an LDAP backend easier, as the same error paths apply). 
> > 
> > The main issue with this patch so far is that places where we expect
> > this non-standard behaviour.  Many I've removed for the LDAP backend,
> > but I still need to work on SPOOLSS and WINS.
> There's also the samba3 group mapping code and the OpenChange code.
> And I think there're lot more callers within samba which check for
> res->count == 0 instead of NO_SUCH_OBJECT, do a grep 'res->count' */*.c
> */*/*.c */*/*/*.c. In most cases this are BASE searches...
> I think we would be good to explict enable this new behavior via
> an @OPTIONS object. And only do for our samdb.ldb.

That does seem easier than fixing all the other LDB users. 

> > The main issue I can see with this patch is that it's racy - it is
> > theoretically possible for the base DN to exist, and be deleted before
> > we finish the search, as it's just a 'pre-check'.  
> Doesn't ltdb_[un]lock_read() handle this.

I suppose it would - I would appreciate any guidance in that matter.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20071110/8bd54c9a/attachment.bin

More information about the samba-technical mailing list