[PATCH] Samba 4 fix for bugzilla #4958

Andrew Kroeger andrew at sprocks.gotdns.com
Mon Sep 17 08:17:13 GMT 2007


simo wrote:
> On Sun, 2007-09-16 at 17:11 -0500, Andrew Kroeger wrote:
>> The attached patch fix the error when a rename only changes case.  The
>> error occurrs because ltdb_rename() calls ltdb_add_internal() and then
>> ltdb_delete_internal() to accomplish the rename.  When the rename only
>> changes case, the ltdb_add_internal() call fails because the DN already
>> exists.
>>
>> The attached patch compares the old and new DNs, and if they are the
>> same it calls ltdb_modify_internal() with the flags set to
>> LDB_FLAG_MOD_REPLACE.  If the DNs differ, the original
>> ltdb_add_internal() / ltdb_delete_internal() code is used.
> 
> Andrew in which case do you need this?
> Have you seen some operation failing because of case differences only in
> the RDN ?

Yes, I have seen failures (and so has Matthias who posted the initial
Bugzilla report for #4958).  If I have a group named "mygroup" created
via ADUC, it has a DN of "CN=mygroup,CN=Users,DC=example,DC=com".  With
the current Samba 4 code in SVN, if I attempt to rename "mygroup" to
"MyGroup", that rename fails when ltdb_rename() calls
ltdb_add_internal().  The failure happens because the case-insensitive
nature considers the original DN
("CN=mygroup,CN=Users,DC=example,DC=com") and the new DN
("CN=MyGroup,CN=Users,DC=example,DC=com") to be the same, and
ltdb_add_internal() fails with an LDB_ERR_ENTRY_ALREADY_EXISTS error.

Since submitting my patch, I have regained access to a test W2K3 DC and
checked what happens "under the hood" when renaming an object in ADUC on
a Windows DC.  The rename operation with a Windows DC renames the
attributes and also changes the DN (e.g. from
"CN=mygroup,CN=Users,DC=example,DC=com" to
"CN=MyGroup,CN=Users,DC=example,DC=com").  My patch also renames the
attributes, but it does not change the DN (it would still be
"CN=mygroup,CN=Users,DC=example,DC=com" under Samba 4).  I cannot think
of any problems with this if all DN access and comparisons are handled
in a case-insensitive manner, but I mention it in case there are any
issues with this that I may not be aware of it.

> I ask because I am not sure we should succeed (or just perform a noop)
> when the RDN attribute is case insensitive.
> Do we fail if the attribute is case sensitive? (I expect the dn
> comparison to fail).

I don't have an answer to that.  My proposed patch was intended to
address one case where Samba 4 behavior differed from Windows behavior,
and make that as localized as possible to address the issue.  Given that
the current ltdb_rename() code in SVN uses ltdb_add_internal() and
ltdb_delete_internal() to accomplish the rename, I cannot think of any
adverse effects to using ltdb_modify_internal() in the case where olddn
and newdn are the same.

Am I missing something in the "bigger picture" here?

Thanks,
Andrew Kroeger


More information about the samba-technical mailing list