[PATCH] New LDAP comparing tool

Andrew Bartlett abartlet at samba.org
Tue Dec 15 03:23:14 MST 2009


On Fri, 2009-12-11 at 16:50 +0200, Zahari Zahariev wrote:
> Hello Samba4,
> 
> I have been working the last couple of weeks on comparing objects and attributes between different Active Directories within the same naming context. There is a certain number of given object DNs that are being ignored for a couple of reasons, one of them still missing some place holders. After syncing both DN lists that we read for each naming context in each AD (Samba4) domain, we then start to compare them object for object and attribute for attribute.
> 
> What results we can expect?
> 
>    1. We get to know which objects are present in the first DC but not in the second and vice versa.
>    2. We would know for two objects that are present in both DCs if there are attribute(s) that are found only in the first DC but not in the second (different number of attributes) and vice versa.
>    3. We have a final Summary that says all of the above things regarding attributes.
> 
> Indeed the tool takes a mouthful of options: host, user, password for both DCs and the naming context as an argument. Note that the 'user' option may take all of the known authentication methods: NETBIOS\User, User@REALM, DN(User).
> 
> This tool will be upgraded so it will implement as many place holders as possible.
> 
> Please look at it & test for yourself and give me any sort of feedback.

The big issues I see are:

 - The fixed password - we should never have a fixed password in a tool.
 - The use of the ldap, rather than ldb libs (not major, and I know I
indicated otherwise in the past, but it would be the first thing to
depend on the system LDAP libs). 
 - The lack of a test - for it to be included in Samba, it must at least
be blackbox tested (otherwise, it will break).  It should perhaps do
this on two new reference provisions. 

We also need a more exact comparison mode, for use between Samba
replicas, where most of the values that can vary between a provision
will not vary between replicas.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
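
The comparison discussed in this thread (objects present on only one DC, attributes present on only one side, and the stricter value-level mode asked for between replicas), as an added example that is not part of the original messages or of the submitted tool. It assumes each DC's entries were already read into a dict of DN to attributes; `compare_snapshots`, `norm_dn` and the sample entries are hypothetical names and constructed data.

```python
# Added example: compares two directory snapshots held in memory (no LDAP access).
# All names and sample entries below are constructed for illustration.

def norm_dn(dn):
    # Simplified normalization: case-insensitive, spaces around commas dropped.
    # It does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def _load(snapshot, ignored):
    return {norm_dn(dn): attrs for dn, attrs in snapshot.items()
            if norm_dn(dn) not in ignored}

def _attrs(entry, skip):
    # Attribute names are case-insensitive; value order is not significant.
    return {k.lower(): sorted(v) for k, v in entry.items() if k.lower() not in skip}

def compare_snapshots(first, second, ignore_dns=(), ignore_attrs=(), exact=False):
    ignored = {norm_dn(d) for d in ignore_dns}
    skip = {a.lower() for a in ignore_attrs}
    a, b = _load(first, ignored), _load(second, ignored)
    report = {"only_in_first": sorted(a.keys() - b.keys()),
              "only_in_second": sorted(b.keys() - a.keys()),
              "attr_diffs": {}}
    for dn in sorted(a.keys() & b.keys()):
        fa, fb = _attrs(a[dn], skip), _attrs(b[dn], skip)
        diff = {"only_in_first": sorted(fa.keys() - fb.keys()),
                "only_in_second": sorted(fb.keys() - fa.keys())}
        if exact:
            # Replica mode: values must match too, not just the attribute set.
            diff["value_mismatch"] = sorted(
                k for k in fa.keys() & fb.keys() if fa[k] != fb[k])
        if any(diff.values()):
            report["attr_diffs"][dn] = diff
    return report

RID_SET = "CN=RID Set,CN=DC1,OU=Domain Controllers,DC=example,DC=com"
DC1 = {
    "CN=Administrator,CN=Users,DC=example,DC=com": {
        "cn": ["Administrator"], "description": ["Built-in account"],
        "whenCreated": ["20091211145000.0Z"]},
    "CN=Guest,CN=Users,DC=example,DC=com": {"cn": ["Guest"]},
    RID_SET: {"cn": ["RID Set"]},
}
DC2 = {
    "cn=administrator,cn=users,dc=example,dc=com": {
        "cn": ["Administrator"], "whenCreated": ["20091212090000.0Z"]},
    "CN=krbtgt,CN=Users,DC=example,DC=com": {"cn": ["krbtgt"]},
}
```

In the default mode only the attribute sets are compared, which suits two separate provisions; `exact=True` also flags differing values, and `ignore_attrs` lists the attributes that are still allowed to differ.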
