rebuildextendeddn.py and linked attributes
Matthieu Patou
mat+Informatique.Samba at matws.net
Wed Aug 19 03:17:28 MDT 2009
Hello andrew,
following our talks about this script I looked a bit more at linked
attributes
I found those "forward" link attributes:
bridgeheadTransportList fRSMemberReference frsComputerReference
hasMasterNCs hasPartialReplicaNCs managedBy manager member
nonSecurityMember owner privilegeHolder queryPolicyObject
serverReference siteObject msCOM-PartitionLink
msCOM-UserPartitionSetLink msDFSR-ComputerReference
msDFSR-MemberReference msDS-AuthenticatedAtDC msDS-HasDomainNCs
msDS-hasFullReplicaNCs msDS-hasMasterNCs msDS-KrbTgtLink
msDS-MembersForAzRole msDS-NC-RO-Replica-Locations msDS-NonMembers
msDS-ObjectReference msDS-OperationsForAzRole msDS-OperationsForAzTask
msDS-PSOAppliesTo msDS-TasksForAzRole msDS-TasksForAzTask
msSFU30PosixMember netbootServer
Not all of them are used it seems (at least right now)
I also found that some other attributes use extended DN like dMDLocation
or objectCategory and they are not link attribute but we have to take
care of them (at least when upgrading a provision without extended DN).
It seems that we can have extended DN in all attributes that have the DN
syntax (attributeSyntax=2.5.5.1)
It gives (without back/forward linked attributes):
addressBookRoots assistant cRLObject certificateAuthorityObject
currentParentCA dMDLocation dNReferenceUpdate defaultClassStore
defaultGroup defaultLocalPolicyObject defaultObjectCategory domainCAs
domainCrossRef domainID domainPolicyObject domainPolicyReference
dynamicLDAPServer fSMORoleOwner fromServer globalAddressList
interSiteTopologyGenerator ipsecFilterReference ipsecISAKMPReference
ipsecNFAReference ipsecNegotiationPolicyReference ipsecOwnersReference
ipsecPolicyReference lastKnownParent localPolicyReference
mSMQInRoutingServers mSMQOutRoutingServers mSMQPrevSiteGates mSMQSite1
mSMQSite2 mSMQSiteGates mSMQSiteGatesMig nCName nextLevelStore
notificationList distinguishedName objectCategory parentCA
pendingParentCA physicalLocationObject preferredOU previousParentCA
rIDManagerReference rIDSetReferences roleOccupant rootTrust seeAlso
showInAddressBook siteServer subRefs subSchemaSubEntry syncWithObject
templateRoots transportType trustParent associatedName documentAuthor
msCOM-DefaultPartitionLink msDS-Preferred-GC-Site msDS-ResultantPSO
msDS-RevealedListBL netbootNewMachineOU secretary uniqueMember
It seems a bit overkill but I have the impression that there is no
workaround.
Matthieu.
More information about the samba-technical
mailing list