msDS-isRODC implementation

Anatoliy Atanasov anatoliy.atanasov at
Thu Apr 29 04:29:30 MDT 2010

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at]
> Sent: Thursday, April 29, 2010 13:22
> To: Anatoliy Atanasov
> Cc: samba-technical at
> Subject: Re: msDS-isRODC implementation
> On Thu, 2010-04-29 at 12:18 +0300, Anatoliy Atanasov wrote:
> > Hi Andrew,
> >
> > I pushed the implementation of msDS-isRODC here:
> msds_isrodc
> > Please take a look at construct_msds_isrodc_with_dn. There i get the
> objectCategory for the object for which i have to construct msDS-isRODC
> and then i do another search on the schema for the distinguishedName of
> the nTDSDSA class.
> > Is there a way to optimize the second read? Get the distinguishedName
> from schema cache, probably?
> Yes, you can look up the schema by objectCategory DN - just get the
> first component an use dsdb_class_by_cn()
Yeah, i used similarly dsdb_class_by_lDAPDisplayName but the dsdb_class struct doesn't have distinguishedName attr in it. The closes thing to DN is defaultObjectCategory, and at the end I need the DN only.
> If you also searched on objectCategory in the first search, then for
> that case you should be able to avoid the second search entirely for
> computer account objects.
How can I request objectClass and ObjectCategory at the same time, I thought in the search_sub struct in operational.c one can get only one attr per request, that is why I specified objectClass, so I can get it in the callback.

> Andrew Bartlett
> --
> Andrew Bartlett                      
> Authentication Developer, Samba Team 
> Samba Developer, Cisco Inc.

More information about the samba-technical mailing list