[Patch] Allow specifiying the guid for NTDS Settings
Matthieu Patou
mat+Informatique.Samba at matws.net
Fri Sep 18 15:10:10 MDT 2009
On 09/19/2009 12:58 AM, Stefan (metze) Metzmacher wrote:
> Matthieu Patou schrieb:
>> On 09/19/2009 12:40 AM, Matthieu Patou wrote:
>>> On 09/19/2009 12:21 AM, Andrew Bartlett wrote:
>>>> On Sat, 2009-09-19 at 00:11 +0400, Matthieu Patou wrote:
>>>>> Hello,
>>>>>
>>>>> This patch allow to specify on the command line the GUID of the object
>>>>> NTDS Settings for the selfjoined DC.
>>>> I really don't like the idea of changing the objectGUID. If you need to
>>>> set it to a particular value, then do so during the 'add' process.
>>>>
>>> Note: I usually do not try to innovate and try to do as it is done
>>> already (ie. for domainguid is the same script).
>>>
>>> Although it's not a problem for me to do in one or in another way
>>>> That may require that we set a control to allow it (if another module
>>>> would prevent it).
>> In deed:
>>
>> Traceback (most recent call last):
>> File "./setup/provision", line 201, in<module>
>> ldap_dryrun_mode=opts.ldap_dryrun_mode)
>> File "bin/python/samba/provision.py", line 1187, in provision
>> serverrole=serverrole,ntdsguid=ntdsguid,ldap_backend=provision_backend)
>> File "bin/python/samba/provision.py", line 1005, in setup_samdb
>>
>> domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid)
>>
>> File "bin/python/samba/provision.py", line 790, in setup_self_join
>> "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)})
>> File "bin/python/samba/provision.py", line 262, in setup_add_ldif
>> ldb.add_ldif(data)
>> File "bin/python/samba/__init__.py", line 244, in add_ldif
>> self.add(msg)
>> _ldb.LdbError: (53, "replmd_add: it's not allowed to add an object with
>> objectGUID\n")
>
> We also need to make sure we add code to replmd_modify to reject
> objectGUID changes...
>
If this is done like this it will break the current provision as system
when specifying --domain-guid as for this the provision is already using
the trick of replacing the GUID ....
Matthieu
More information about the samba-technical
mailing list