linked attributes, DRS and abusing the ldb modules API

tridge at samba.org tridge at samba.org
Wed Aug 26 01:52:10 MDT 2009 

Hi Metze,

I've been looking at supporting linked attributes in the
repl_meta_data module. The test I've been using is to add/remove a
couple of users from a global group on a W2K3 system, with DRS pull
replication happening to a S4 DC.

As it stands in the tree now, the DRS pull does pull across the modify
request for the 'member' attribute of the group, and this gets applies
correctly, but the memberOf linked attributes don't get updated. The
reason they don't get updated is that the linked_attributes module
comes before the repl_meta_data module in the module list (as the
repl_meta_data module gets pulled in as part of the partition module).

So to make this work, we have a few choices:

 1) we could reproduce the linked_attributes logic in the
    repl_meta_data module. I'm guessing that is what your 'todo' in
    dsdb_extended_replicated_objects_commit() impled?

 2) we could call into the linked_attributes module from the
    repl_meta_data module, letting the linked_attributes module do its
    work as usual when it gets a modify request on an attribute that
    is linked

 3) we could change the module ordering

I've written a quick patch that implements (2). What do you think
about this approach? The patch is below.

Note in particular the line:

		if (ldb_load_modules_list(ldb, module_list, module->next, &ac->module->next) != LDB_SUCCESS) {

which is an approach I don't think we've used before, but does offer a
way to re-use modules in a fairly clean fashion. For now it assumes
the modules don't need initialisation, but that could be fixed.

The patch works in the sense that the member/memberOf attributes get
correctly updated by a DRS pull, although we do generate a warning as
we get some spurious updates to the memberOf linked attribute target,
which are then discarded (which turns out to do the right thing).

Cheers, Tridge


diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 5d4c486..cf41b3c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -46,6 +46,7 @@
 #include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "param/param.h"
+#include "ldb_private.h"
 
 struct replmd_replicated_request {
 	struct ldb_module *module;
@@ -63,8 +64,13 @@ struct replmd_replicated_request {
 	struct ldb_message *search_msg;
 };
 
+/*
+  created a replmd_replicated_request context, with an optional list
+  of additional modules chained onto the module list
+ */
 static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module,
-					  struct ldb_request *req)
+							 struct ldb_request *req, 
+							 const char **module_list)
 {
 	struct ldb_context *ldb;
 	struct replmd_replicated_request *ac;
@@ -77,8 +83,17 @@ static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *modu
 		return NULL;
 	}
 
-	ac->module = module;
 	ac->req	= req;
+	ac->module = module;
+
+	if (module_list) {
+		if (ldb_load_modules_list(ldb, module_list, module->next, &ac->module->next) != LDB_SUCCESS) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to add extra modules in replmd_ctx_init_with_modules\n");
+			talloc_free(ac);
+			return NULL;
+		}
+	}
+
 	return ac;
 }
 
@@ -269,7 +284,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
-	ac = replmd_ctx_init(module, req);
+	ac = replmd_ctx_init(module, req, NULL);
 	if (!ac) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
@@ -478,7 +493,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
-	ac = replmd_ctx_init(module, req);
+	ac = replmd_ctx_init(module, req, NULL);
 	if (!ac) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
@@ -1405,6 +1420,7 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct
 	struct replmd_replicated_request *ar;
 	struct ldb_control **ctrls;
 	int ret;
+	const char *extra_modules[] = { "linked_attributes", NULL };
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -1422,7 +1438,7 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct
 		return LDB_ERR_PROTOCOL_ERROR;
 	}
 
-	ar = replmd_ctx_init(module, req);
+	ar = replmd_ctx_init(module, req, extra_modules);
 	if (!ar)
 		return LDB_ERR_OPERATIONS_ERROR;

More information about the samba-technical mailing list