Improved RPC-DSSYNC

Andrew Bartlett abartlet at samba.org
Wed Nov 11 05:07:07 MST 2009 

On Tue, 2009-11-10 at 22:38 +1100, Andrew Bartlett wrote:
> On Sat, 2009-11-07 at 13:38 +1100, Andrew Bartlett wrote:
> > On Fri, 2009-11-06 at 14:44 +0100, Stefan (metze) Metzmacher wrote:
> > > Andrew Bartlett schrieb:
> > > > On Thu, 2009-11-05 at 18:02 +1100, Andrew Bartlett wrote:
> > > >> I wanted to bring your attention to my GIT branch dsdb-dn
> > > >> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/dsdb-dn
> > > >>
> > > >> This creates a new struct dsdb_dn and associated functions, taking over
> > > >> from ldb_dn for the DN+Binary and DN+String code.
> > > >>
> > > >> I feel this is a cleaner separation than we had previously, and should
> > > >> fix some reported issues with the OpenLDAP backend.  (We need to be able
> > > >> to deal with the linear form of these DNs as a whole, and as the
> > > >> 'normal' part differently in different portions of the code).
> > > >>
> > > >> It also adds functions to allow these DNs to be searched for correctly,
> > > >> as the DN is now able to be casefolded independently of the binary or
> > > >> string prefix. 
> > > >>
> > > >> The next step is to write specific tests for this new code, and to
> > > >> validate that I've not broken 'net vampire' and replication (for which
> > > >> this code was added in the first place). 
> > > > 
> > > > I've pushed an updated set of changes to my branch.
> > > > 
> > > > The problem I have, aside from a small segfault mdw will patch shortly
> > > > in his ValidatePassword code, is that dcpromo on a new second Windows
> > > > 2008 DC fails with:
> > > > 
> > > > "The replication system has encountered an internal error"
> > > > 
> > > > while replicating cn=configuration
> > > 
> > > Does it work without your changes?
> > 
> > No, but for a different reason.  Without my changes it loops at 1606 of
> > 1625 changes in cn=configuration (which is also the same as the last
> > time I tested replication). 
> > 
> > So, how do I debug what it doesn't like about my patch?  
> 
> I've fixed what I thought was the cause (a bug in the schema_syntax
> changes), and written unit tests for many of the syntax handlers.
> However, despite fixing that, and make test passing, it still fails the
> dcpromo.

In addition to my unit tests, the dsdb-dn branch now also contains a
revived RPC-DSSYNC test that loads the schema from the remote server and
uses that to pull all the attributes into the LDAP format.  We then
verify that the pull was correct by comparison against the LDAP server
on the remote host.

However, currently the test is too slow to enable by default (it does
pass against Windows and Samba), partly because it tries to verify the
attribute IDs for every object.  

However, as far as I can see in _drs_util_verify_attids(), the only
verification is done by eye - not by software.  Could we remove this
part of the test, now we actually use the remote schema?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091111/e826e4aa/attachment.pgp>

More information about the samba-technical mailing list