[PATCH] : script to rebuild extended DN attributes

Matthieu Patou mat+Informatique.Samba at matws.net
Tue Sep 8 01:34:52 MDT 2009 

On 09/08/2009 11:22 AM, Andrew Bartlett wrote:
> On Tue, 2009-09-08 at 11:18 +0400, Matthieu Patou wrote:
>    
>> On 09/08/2009 10:56 AM, Andrew Bartlett wrote:
>>      
>>> On Tue, 2009-09-08 at 10:50 +0400, Matthieu Patou wrote:
>>>
>>>        
>>>> Hello,
>>>>
>>>> This is a reviewed and corrected version of the script that (re)build
>>>> extended DNs.
>>>>
>>>> This version use the python bindings instead of LDIF because now
>>>> replacing attributes works ...
>>>> It also use the control search_options to go into the whole provision
>>>> without the need to specify each partitions.
>>>>
>>>>
>>>> Let me know ...
>>>>
>>>>          
>>> It's looking good.  A version of this that handles forward links only
>>> (but not backlinks, or cases where the extended DN is present) belongs
>>> at the end of our provision.
>>>
>>>
>>>        
>> As far as I remember LDB is not very happy when you are trying to edit
>> backlinks. But I'm not even sure I understand your remarks here ...
>>      
> While your 'non-extended DNs' come from an old DB, we have a similar
> issue with the main database after the provision (but perhaps we should
> solve it with a pre-commit hook).
>    
Ah yes we talked more than once about this ... as a current provision do 
not create extend DNs for all attributes that should have this format 
(well quite far in fact ...) but that is up to you to decide whether or 
not use the script at the end of the provision. Am I right ?

>>> I still don't know what the modify_modules stuff is doing in there
>>> however.  Shouldn't that be replaced by doing a provision
>>> --partitions-only to fix up the module list (etc)?
>>>
>>>        
>> Maybe a good solution but not so long time ago provision
>> --partitions-only used to smashed secrets.ldb is it still the case ?
>>      
> I think it still does, but we can fix that.  (yet more options...).  It
> is about to get a lot more use as we start looking seriously at
> replication.
>    
Sure I can even propose a patch, the thing is that I have two big way to 
do it:

* add a cumulative option like --but-please-do-not-smash-secrets.ldb
* add another option more like --only-partition-structure

What suits you best ? other suggestions ?
Matthieu.

More information about the samba-technical mailing list