How to process schemaUpdateNow ldap request

Anatoliy Atanasov anatoliy.atanasov at postpath.com
Wed Jul 2 08:04:42 GMT 2008 

I did the patch for the dn, and no problem with that now
--------------------------------------------------------
diff --git a/source/ldap_server/ldap_backend.c b/source/ldap_server/ldap_backend.c
index 9047773..2193c98 100644
--- a/source/ldap_server/ldap_backend.c
+++ b/source/ldap_server/ldap_backend.c
@@ -348,7 +348,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
        NT_STATUS_HAVE_NO_MEMORY(local_ctx);

        dn = ldb_dn_new(local_ctx, samdb, req->dn);
-       VALID_DN_SYNTAX(dn, 1);
+       VALID_DN_SYNTAX(dn, 0);

        DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn));
---------------------------------------------------------
There is another error now:
     "additional info: attribute schemaUpdateNow is not a valid attribute in schema"
That happens in dsdb\samdb\ldb_modules\objectclass.c: fix_attributes function


----- Original Message -----
> From: simo <idra at samba.org>
> To: Andrew Bartlett <abartlet at samba.org>
> Cc: Michael Ströder <michael at stroeder.com>, Anatoliy Atanasov <anatoliy.atanasov at postpath.com>, samba-technical at lists.samba.org
> Sent: Tuesday, July 1, 2008 3:45:57 PM GMT+0200 Europe;Athens
> Subject: Re: How to process schemaUpdateNow ldap request

> > On Tue, 2008-07-01 at 16:54 +1000, Andrew Bartlett wrote:
> > On Mon, 2008-06-30 at 17:41 +0200, Michael Ströder wrote:
> > > Anatoliy Atanasov wrote:
> > > > 
> > > > I am trying to make schema cache in dsdb_schema to reload with 
> newly added mappings from ldb.
> > > > This is done by the following ldap request which is valid 
> command for Win2003
> > > > 
> > > > dn:
> > > > changetype: modify
> > > > add: schemaUpdateNow
> > > > schemaUpdateNow: 1
> > > > 
> > > > I want to process this in rootdse module .modify function, but 
> it's never called and the return message says:
> > > > 
> > > >> ldap_modify_ext: Invalid DN syntax (34)
> > > >>        additional info: Invalid DN (1 components needed for 
> 'dn')
> > > 
> > > FWIW your DN line in your e-mail above is "dn:". Maybe try it with
> > > "dn: " instead. The space is part of the separator between 
> attribute 
> > > type and attribute value.
> > > 
> > > See declaration of dn-spec and FILL in RFC 2849.
> > 
> > nah, this error occours well past the ldif parsing layer - it's 
> actually
> > a problem on the server.
> > 
> > If you look at ldap_server/ldap_backend.c, the macro VALID_DN_SYNTAX
> > takes two argument, the first being the DN, and the second is the 
> number
> > of components it must have.  Set that to 0 and you should be right.
> > 
> > I don't see why this layer should be trying to determine if a DN is
> > valid (ldb can do that very well itself).  This looks like Simo's 
> code,
> > according to 'git blame', so I'll flip-pass this question to him...
> 
> I think we added it before ldb was able to validate, then kept it for
> performance reasons, it make no sense to process the entry if it is
> going to be rejected.
> However a null DN should not be refuse I guess, feel free to patch the
> code to let that DN be considered valid (as it is).
> 
> Simo.
> 
> -- 
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at samba.org>
> Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>

More information about the samba-technical mailing list