rebuildextendeddn.py and linked attributes

Matthieu Patou mat+Informatique.Samba at matws.net
Wed Aug 19 03:17:28 MDT 2009 

Hello andrew,

following our talks about this script I looked a bit more at linked 
attributes

I found those "forward" link attributes:

bridgeheadTransportList fRSMemberReference frsComputerReference 
hasMasterNCs hasPartialReplicaNCs managedBy manager member 
nonSecurityMember owner privilegeHolder queryPolicyObject 
serverReference siteObject msCOM-PartitionLink 
msCOM-UserPartitionSetLink msDFSR-ComputerReference 
msDFSR-MemberReference msDS-AuthenticatedAtDC msDS-HasDomainNCs 
msDS-hasFullReplicaNCs msDS-hasMasterNCs msDS-KrbTgtLink 
msDS-MembersForAzRole msDS-NC-RO-Replica-Locations msDS-NonMembers 
msDS-ObjectReference msDS-OperationsForAzRole msDS-OperationsForAzTask 
msDS-PSOAppliesTo msDS-TasksForAzRole msDS-TasksForAzTask 
msSFU30PosixMember netbootServer

Not all of them are used it seems (at least right now)
I also found that some other attributes use extended DN like dMDLocation 
or objectCategory and they are not link attribute but we have to take 
care of them (at least when upgrading a provision without extended DN).

It seems that we can have extended DN in all attributes that have the DN 
syntax (attributeSyntax=2.5.5.1)
It gives (without back/forward linked attributes):

addressBookRoots assistant cRLObject certificateAuthorityObject 
currentParentCA dMDLocation dNReferenceUpdate defaultClassStore 
defaultGroup defaultLocalPolicyObject defaultObjectCategory domainCAs 
domainCrossRef domainID domainPolicyObject domainPolicyReference 
dynamicLDAPServer fSMORoleOwner fromServer globalAddressList 
interSiteTopologyGenerator ipsecFilterReference ipsecISAKMPReference 
ipsecNFAReference ipsecNegotiationPolicyReference ipsecOwnersReference 
ipsecPolicyReference lastKnownParent localPolicyReference 
mSMQInRoutingServers mSMQOutRoutingServers mSMQPrevSiteGates mSMQSite1 
mSMQSite2 mSMQSiteGates mSMQSiteGatesMig nCName nextLevelStore 
notificationList distinguishedName objectCategory parentCA 
pendingParentCA physicalLocationObject preferredOU previousParentCA 
rIDManagerReference rIDSetReferences roleOccupant rootTrust seeAlso 
showInAddressBook siteServer subRefs subSchemaSubEntry syncWithObject 
templateRoots transportType trustParent associatedName documentAuthor 
msCOM-DefaultPartitionLink msDS-Preferred-GC-Site msDS-ResultantPSO 
msDS-RevealedListBL netbootNewMachineOU secretary uniqueMember

It seems a bit overkill but I have the impression that there is no 
workaround.

Matthieu.

More information about the samba-technical mailing list