removing previously stored generated attributes

Andrew Bartlett abartlet at
Fri Jun 4 05:48:34 MDT 2010

On Fri, 2010-06-04 at 09:53 +0400, Matthieu Patou wrote:
> Hello,
> While trying to do it with msds-keyversionnumber I find the pb far from 
> being trivial.
> The thing is that with a given provision we have some attributes that 
> are marked as automatically generated and that used to be stored in the 
> database.
> A search with an "old" provision but new code will return the calculated 
> attribute what ever the stored version is.
> So to access to the stored version I have the impression that I should 
> go without the modules and access the ldb at the low level.
> Well accessing at low level is not such big problem I think, but if we 
> want also to get rid of previously stored values we have also to remove 
> old version.
> I can really well remember andrew B. saying that this should not be done 
> otherwise we have the risk to broke or mess indexes.

Correct.  It is quite dangerous to access the DB for write access
without the schema loaded. 

> I suppose the risk is still valid in general, is it also still the case 
> for attributes that are not fetched from the database ?
> If so as I want to release a new version of upgradeprovision soon, is it 
> acceptable to not remove old attributes (can be in next releases).

This is quite acceptable.  To see the DB without the generated
attributes, simply don't search for them by name (you only get stored
attributes with *), or we can add an internal-only control if needed for
greater certainty. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list