[PATCH] Samba 4 fix for bugzilla #4958

Andrew Bartlett abartlet at samba.org
Mon Sep 17 12:15:00 GMT 2007

On Mon, 2007-09-17 at 03:17 -0500, Andrew Kroeger wrote:
> simo wrote:
> > On Sun, 2007-09-16 at 17:11 -0500, Andrew Kroeger wrote:
> >> The attached patch fix the error when a rename only changes case.  The
> >> error occurrs because ltdb_rename() calls ltdb_add_internal() and then
> >> ltdb_delete_internal() to accomplish the rename.  When the rename only
> >> changes case, the ltdb_add_internal() call fails because the DN already
> >> exists.
> >>
> >> The attached patch compares the old and new DNs, and if they are the
> >> same it calls ltdb_modify_internal() with the flags set to
> >> LDB_FLAG_MOD_REPLACE.  If the DNs differ, the original
> >> ltdb_add_internal() / ltdb_delete_internal() code is used.
> > 
> > Andrew in which case do you need this?
> > Have you seen some operation failing because of case differences only in
> > the RDN ?
> Yes, I have seen failures (and so has Matthias who posted the initial
> Bugzilla report for #4958).  If I have a group named "mygroup" created
> via ADUC, it has a DN of "CN=mygroup,CN=Users,DC=example,DC=com".  With
> the current Samba 4 code in SVN, if I attempt to rename "mygroup" to
> "MyGroup", that rename fails when ltdb_rename() calls
> ltdb_add_internal().  The failure happens because the case-insensitive
> nature considers the original DN
> ("CN=mygroup,CN=Users,DC=example,DC=com") and the new DN
> ("CN=MyGroup,CN=Users,DC=example,DC=com") to be the same, and
> ltdb_add_internal() fails with an LDB_ERR_ENTRY_ALREADY_EXISTS error.
> Since submitting my patch, I have regained access to a test W2K3 DC and
> checked what happens "under the hood" when renaming an object in ADUC on
> a Windows DC.  The rename operation with a Windows DC renames the
> attributes and also changes the DN (e.g. from
> "CN=mygroup,CN=Users,DC=example,DC=com" to
> "CN=MyGroup,CN=Users,DC=example,DC=com").  My patch also renames the
> attributes, but it does not change the DN (it would still be
> "CN=mygroup,CN=Users,DC=example,DC=com" under Samba 4).  I cannot think
> of any problems with this if all DN access and comparisons are handled
> in a case-insensitive manner, but I mention it in case there are any
> issues with this that I may not be aware of it.
> > I ask because I am not sure we should succeed (or just perform a noop)
> > when the RDN attribute is case insensitive.
> > Do we fail if the attribute is case sensitive? (I expect the dn
> > comparison to fail).
> I don't have an answer to that.  My proposed patch was intended to
> address one case where Samba 4 behavior differed from Windows behavior,
> and make that as localized as possible to address the issue.  Given that
> the current ltdb_rename() code in SVN uses ltdb_add_internal() and
> ltdb_delete_internal() to accomplish the rename, I cannot think of any
> adverse effects to using ltdb_modify_internal() in the case where olddn
> and newdn are the same.
> Am I missing something in the "bigger picture" here?

I really don't like the idea that the DN and attribute being different.
Otherwise, I fully agree with you here, and once simo is happy, I think
we can apply a patch.

Perhaps handle this as delete/add (rather than the other order), or pass
in a flag to skip the check?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070917/57bcf4f4/attachment.bin

More information about the samba-technical mailing list