replmd delete update

tridge at samba.org tridge at samba.org
Fri Jan 15 21:22:30 MST 2010 

Hi Eduardo,

 > I've just sent to the samba's mail list the new version of the test cases. I
 > added a piece of code to test some attributes (isDeleted, objectCategory and
 > sAMAccountType) and the deletion of a already deleted object.

yep, thanks! See my reply about the cut&paste errors.

 > To do list regarding test cases (from the meeting):
 > - Tombstones
 > - Recycle bin functionality
 > - Test the recovery of objects and attributes in Samba
 > - Linked attributes
 > - Implement a functionality to recover an object.

sounds good.

 > From this list, if you agree, I'm thinking about starting working on one of
 > the last two items. I understood what is a linked attribute, but I don't
 > know yet what and how it should be tested.

to really test deletion with linked attributes, you first need to add
recycle bin functionality to repl_meta_data.c. Once we have that, and
enable the recycle bin, then linked attribute to deleted objects will
get a special flag saying they are they not visible, and the
--show-deactivated-link control will override that and make them
visible.

 > Maybe some command-line examples would help me to clarify.

ok, on a w2k8r2 box enable the recycle bin using
scripting/bin/enablerecyclebin

Then create a test group object and a test user object. Setup the user
as a member of the group.

Using ldbsearch, if you look for the member attribute of the group,
you'll see it contains a link to the test user. Then delete the user
and look again with ldbsearch. The link won't be visible. If you now
add --show-deactivated-link to the ldbsearch command line then the
link will be visible, and will point at the deleted user object.

 > Regarding the implementation of a functionality to recover an
 > object, it would be great as well to have some advices on how it
 > should be done.

recovering an object only really makes sense once we have the
recyclebin. You can do it without the recyclebin, but some of the
attributes will be lost.

I think you need the following bits of code:

 1) add a function dsdb_recyclebin_enabled() which looks at
 enableOptionalFeature to see if the recycle bin is enabled.

 2) in repl_meta_data.c, when deleting an object, if the recyclebin is
 enabled then you need to not delete as many attributes (see MS-ADTS
 for details on what not to delete). For example, you keep linked
 attributes.

 3) if a 2nd delete is called on the object then the rest of the
 attributes that are currently removed should be removed, and the
 isRecycled=TRUE attribute should be set

 4) a 3rd delete should really remove the object

 5) in linked_attributes.c, in linked_attributes_fix_links() you'll
 need to set the DSDB_RMD_FLAG_INVISIBLE flag in RMD_FLAGS on the link
 if the target DN is deleted

 6) in extended_dn_out.c you should check for DSDB_RMD_FLAG_INVISIBLE,
 and if set then remove the link from the list if the
 LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID control is not set

 > I was reviewing the implementation of replmd_delete function and I could not
 > find the place where the attributes to be deleted is verified. If I
 > understood right, all the attributes that are not on the preserved_list and
 > are not the RDN are being removed. Microsoft's documentation says that we
 > need to check whether the attribute is marked to be preserved. If it is
 > really missing, I can work on it too. It will help then to implement the
 > test case related to this requirement.

I think that's handled by this code:

		if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
			continue;
		}

but please let me know if you think this doesn't match the WSPP docs!

Cheers, Tridge

More information about the samba-technical mailing list