Reloading the full schema in upgradeprovision

Andrew Bartlett abartlet at
Sun Jul 11 07:25:17 MDT 2010

On Sun, 2010-07-11 at 16:07 +0400, Matthieu Patou wrote:
> Andrew, Metze and others,
> Can you give me your point of view on a solution like this to allow 
> upgradeprovision to reload the full schema (mdw thank you not to point 
> any formatting pbs as this code is a poc and I am waiting for technical 
> remarks).
> We need to reload the full schema because depending how old is your 
> provision you do not have all the schema elements in it, so we start 
> with an external schema (as it is done in provision). This works great 
> but then due to schema enforcement that appeared lately we will face 
> situation when an object modified, that has an attribute defined only in 
> the schema of the updated provision (ie. think of an upgraded provision 
> with openchange schema ...), will not be allowed to be modified because 
> it violate the schema.
> The idea of this patch is to wait until upgradeprovision has added the 
> missing schema elements, then force a reload of the full schema that 
> contains existing classes and attributes (and potentially the ones added 
> by the user) and also the missing one brought by the update.

Yes, that sounds like a good idea.  but why:

+    dsdb._dsdb_set_schema_from_ldif(tmpldb, prefixmap_ldif,
+    samdb.set_schema_from_ldb(tmpldb)

Can't you set it directly on the samdb, without the extra ldb?

> So can you have a look at the patch, I don't like much the way the 
> prefixMap is done, but fetching the one from the provision schema gives 
> me a blob and I'm not sure I can unpack it in a  drsblobs.prefixMapBlob 
> and then get the list of oid (or maybe with drsuapi_MSPrefixMap_Ctr).

Why do you need to unpack it?  But yes, the correct approach is very
much the same as what we try to do in the libnet_vampire code.  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list