replmd delete update

Eduardo Lima eduardoll at gmail.com
Wed Jan 20 13:47:20 MST 2010 

Hi Tridge,

That was just some points where I could work on. If you have any other plans
to me, please, feel free to say it.

I spent the last days reading the recycle bin documentation to start playing
with the bits of code below. Let me know If you think it's not appropriate
to me do it now (I don't know if there is another person already working on
the same feature).

>I think you need the following bits of code:
>
> 1) add a function dsdb_recyclebin_enabled() which looks at
> enableOptionalFeature to see if the recycle bin is enabled.
>
> 2) in repl_meta_data.c, when deleting an object, if the recyclebin is
> enabled then you need to not delete as many attributes (see MS-ADTS
> for details on what not to delete). For example, you keep linked
> attributes.
>
> 3) if a 2nd delete is called on the object then the rest of the
> attributes that are currently removed should be removed, and the
> isRecycled=TRUE attribute should be set
>
> 4) a 3rd delete should really remove the object
>
> 5) in linked_attributes.c, in linked_attributes_fix_links() you'll
> need to set the DSDB_RMD_FLAG_INVISIBLE flag in RMD_FLAGS on the link
> if the target DN is deleted
>
> 6) in extended_dn_out.c you should check for DSDB_RMD_FLAG_INVISIBLE,
> and if set then remove the link from the list if the
> LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID control is not set

These steps are implementing part of the recycle bin functionality, right?

In order to check if the recycle bin is enabled I need to get the
msDS-OptionalFeature object to check if the Recycle Bin's GUID is present.
Is there any part of the code that works with msDS-OptionalFeature object so
I can follow it? I could not find it..

I'm trying to implement a similar procedure shown on the Docs but I'm having
no success on getting these objects:

procedure IsOptionalFeatureEnabled (
    scope: DSNAME, featureGuid: GUID): boolean
  Returns true if scope!msDS-EnabledFeature contains the DN of a
    msDS-optionalFeature object o such that o!msDS-optionalFeatureGuid
    equals featureGuid.
  Returns false otherwise.


The enablerecyclebin script seems to enable the Recycle Bin on the
Partitions container, but I can't find it. Do I have to use an special flag
or control to browse it?

> > I was reviewing the implementation of replmd_delete function and I could
not
> > find the place where the attributes to be deleted is verified. If I
> > understood right, all the attributes that are not on the preserved_list
and
> > are not the RDN are being removed. Microsoft's documentation says that
we
> > need to check whether the attribute is marked to be preserved. If it is
> > really missing, I can work on it too. It will help then to implement the
> > test case related to this requirement.
>
>I think that's handled by this code:
>
>               if (!sa->linkID && ldb_attr_in_list(preserved_attrs,
el->name)) {
>                       continue;
>               }
>
>but please let me know if you think this doesn't match the WSPP docs!

Ahmm.. Maybe I understood wrong, but the tombstone requirements says to
test:

1 - A tombstone does not have values for any attributes except for the
following:
  1.1 - Attributes marked as being preserved on deletion (see section
2.2.9).
  1.2 - The attribute that is the RDN of the tombstone
2 - Attributes on the following list: (that preserved list)

ldb_attr_in_list(preserved_attrs, el->name) = Check whether the attr is in
the preserved list. This is for the requirement number 2.

I think "!sa->linkID" is only checking if "sa" is not a linked attribute,
right? My concern is about the item 1.1. From 1.1 I understood that an
object may have an attribute that has a flag saying to preserve that
attribute during the deletion.

Thanks!

--
Eduardo Lima
Sent from Campinas, SP, Brazil

On Sat, Jan 16, 2010 at 02:22, <tridge at samba.org> wrote:

> Hi Eduardo,
>
>  > I've just sent to the samba's mail list the new version of the test
> cases. I
>  > added a piece of code to test some attributes (isDeleted, objectCategory
> and
>  > sAMAccountType) and the deletion of a already deleted object.
>
> yep, thanks! See my reply about the cut&paste errors.
>
>  > To do list regarding test cases (from the meeting):
>  > - Tombstones
>  > - Recycle bin functionality
>  > - Test the recovery of objects and attributes in Samba
>  > - Linked attributes
>  > - Implement a functionality to recover an object.
>
> sounds good.
>
>  > From this list, if you agree, I'm thinking about starting working on one
> of
>  > the last two items. I understood what is a linked attribute, but I don't
>  > know yet what and how it should be tested.
>
> to really test deletion with linked attributes, you first need to add
> recycle bin functionality to repl_meta_data.c. Once we have that, and
> enable the recycle bin, then linked attribute to deleted objects will
> get a special flag saying they are they not visible, and the
> --show-deactivated-link control will override that and make them
> visible.
>
>  > Maybe some command-line examples would help me to clarify.
>
> ok, on a w2k8r2 box enable the recycle bin using
> scripting/bin/enablerecyclebin
>
> Then create a test group object and a test user object. Setup the user
> as a member of the group.
>
> Using ldbsearch, if you look for the member attribute of the group,
> you'll see it contains a link to the test user. Then delete the user
> and look again with ldbsearch. The link won't be visible. If you now
> add --show-deactivated-link to the ldbsearch command line then the
> link will be visible, and will point at the deleted user object.
>
>  > Regarding the implementation of a functionality to recover an
>  > object, it would be great as well to have some advices on how it
>  > should be done.
>
> recovering an object only really makes sense once we have the
> recyclebin. You can do it without the recyclebin, but some of the
> attributes will be lost.
>
> I think you need the following bits of code:
>
>  1) add a function dsdb_recyclebin_enabled() which looks at
>  enableOptionalFeature to see if the recycle bin is enabled.
>
>  2) in repl_meta_data.c, when deleting an object, if the recyclebin is
>  enabled then you need to not delete as many attributes (see MS-ADTS
>  for details on what not to delete). For example, you keep linked
>  attributes.
>
>  3) if a 2nd delete is called on the object then the rest of the
>  attributes that are currently removed should be removed, and the
>  isRecycled=TRUE attribute should be set
>
>  4) a 3rd delete should really remove the object
>
>  5) in linked_attributes.c, in linked_attributes_fix_links() you'll
>  need to set the DSDB_RMD_FLAG_INVISIBLE flag in RMD_FLAGS on the link
>  if the target DN is deleted
>
>  6) in extended_dn_out.c you should check for DSDB_RMD_FLAG_INVISIBLE,
>  and if set then remove the link from the list if the
>  LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID control is not set
>
>  > I was reviewing the implementation of replmd_delete function and I could
> not
>  > find the place where the attributes to be deleted is verified. If I
>  > understood right, all the attributes that are not on the preserved_list
> and
>  > are not the RDN are being removed. Microsoft's documentation says that
> we
>  > need to check whether the attribute is marked to be preserved. If it is
>  > really missing, I can work on it too. It will help then to implement the
>  > test case related to this requirement.
>
> I think that's handled by this code:
>
>                if (!sa->linkID && ldb_attr_in_list(preserved_attrs,
> el->name)) {
>                        continue;
>                }
>
> but please let me know if you think this doesn't match the WSPP docs!
>
> Cheers, Tridge
>

More information about the samba-technical mailing list