replmd delete update
tridge at samba.org
tridge at samba.org
Fri Jan 15 21:22:30 MST 2010
Hi Eduardo,
> I've just sent to the samba's mail list the new version of the test cases. I
> added a piece of code to test some attributes (isDeleted, objectCategory and
> sAMAccountType) and the deletion of a already deleted object.
yep, thanks! See my reply about the cut&paste errors.
> To do list regarding test cases (from the meeting):
> - Tombstones
> - Recycle bin functionality
> - Test the recovery of objects and attributes in Samba
> - Linked attributes
> - Implement a functionality to recover an object.
sounds good.
> From this list, if you agree, I'm thinking about starting working on one of
> the last two items. I understood what is a linked attribute, but I don't
> know yet what and how it should be tested.
to really test deletion with linked attributes, you first need to add
recycle bin functionality to repl_meta_data.c. Once we have that, and
enable the recycle bin, then linked attribute to deleted objects will
get a special flag saying they are they not visible, and the
--show-deactivated-link control will override that and make them
visible.
> Maybe some command-line examples would help me to clarify.
ok, on a w2k8r2 box enable the recycle bin using
scripting/bin/enablerecyclebin
Then create a test group object and a test user object. Setup the user
as a member of the group.
Using ldbsearch, if you look for the member attribute of the group,
you'll see it contains a link to the test user. Then delete the user
and look again with ldbsearch. The link won't be visible. If you now
add --show-deactivated-link to the ldbsearch command line then the
link will be visible, and will point at the deleted user object.
> Regarding the implementation of a functionality to recover an
> object, it would be great as well to have some advices on how it
> should be done.
recovering an object only really makes sense once we have the
recyclebin. You can do it without the recyclebin, but some of the
attributes will be lost.
I think you need the following bits of code:
1) add a function dsdb_recyclebin_enabled() which looks at
enableOptionalFeature to see if the recycle bin is enabled.
2) in repl_meta_data.c, when deleting an object, if the recyclebin is
enabled then you need to not delete as many attributes (see MS-ADTS
for details on what not to delete). For example, you keep linked
attributes.
3) if a 2nd delete is called on the object then the rest of the
attributes that are currently removed should be removed, and the
isRecycled=TRUE attribute should be set
4) a 3rd delete should really remove the object
5) in linked_attributes.c, in linked_attributes_fix_links() you'll
need to set the DSDB_RMD_FLAG_INVISIBLE flag in RMD_FLAGS on the link
if the target DN is deleted
6) in extended_dn_out.c you should check for DSDB_RMD_FLAG_INVISIBLE,
and if set then remove the link from the list if the
LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID control is not set
> I was reviewing the implementation of replmd_delete function and I could not
> find the place where the attributes to be deleted is verified. If I
> understood right, all the attributes that are not on the preserved_list and
> are not the RDN are being removed. Microsoft's documentation says that we
> need to check whether the attribute is marked to be preserved. If it is
> really missing, I can work on it too. It will help then to implement the
> test case related to this requirement.
I think that's handled by this code:
if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
continue;
}
but please let me know if you think this doesn't match the WSPP docs!
Cheers, Tridge
More information about the samba-technical
mailing list