s4:objectclass_attrs LDB module - move the single-valued attribute check into this module
Andrew Bartlett
abartlet at samba.org
Tue Jun 8 22:29:18 MDT 2010
On Mon, 2010-06-07 at 14:31 -0500, Matthias Dieter Wallnöfer wrote:
> The branch, master has been updated
> via 99c9e35... ldb:pyldb.c - we cannot use "ldb_dn_compare" if both message DNs are NULL in "py_ldb_msg_compare"
> via 0c3dfd7... s4 python: add more unit tests to verify the compare tests
> via 1949864... s4:objectclass_attrs LDB module - move the single-valued attribute check into this module
> via a75d271... s4:rdn_name LDB module - move the "distinguishedName" write prevent check here
> from 9a747d5... s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
Matthias,
So often I've replied to your commits to point out what things you have
missed, or that I wish I had seen things before, so I wanted to change
the tone a little:
Thank you for all your hard, detailed work to improve the quality of our
LDAP server. As we are now a read-write replica with Windows, it's
critical that we hold clients to the same standards a Windows server
would. Otherwise, we have a real risk that we may allow a poorly
written client to corrupt the replicated database.
Your work here is of great value, and is much appreciated. I look
forward to continuing to work with you as we refine this area.
> commit 1949864417f3d10fb8996df7db259649eb777271
> Author: Matthias Dieter Wallnöfer <mdw at samba.org>
> Date: Mon Jun 7 20:46:59 2010 +0200
>
> s4:objectclass_attrs LDB module - move the single-valued attribute check into this module
>
> It seems to me more consistent (and also to keep the same behaviour on all
> backends).
>
> Also the DRS hack should therefore not be needed anymore since the
> "repl_meta_data" module launches requests behind "objectclass_attrs".
>
> commit a75d271373dbbff973544865c2c9715510d67669
> Author: Matthias Dieter Wallnöfer <mdw at samba.org>
> Date: Mon Jun 7 20:31:22 2010 +0200
>
> s4:rdn_name LDB module - move the "distinguishedName" write prevent check here
>
> In my eyes it fits better here than in the TDB backend code.
BTW, I think both of these changes are good. The single-value check was
added to ldb_tdb when I was working with Microsoft to pass their LDAP
testsuite, as were the DN changes. It is nice to move these back to the
Samba-specific code, as only the Samba schema code could enable it
anyway.
We may need to rework some of this in the future (I'm a little worried
about the performance impact of a read after every write), but this work
and the test-suites you have written with it form a great basis to build
consistency.
Thanks!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100609/2599fcbc/attachment.pgp>
More information about the samba-technical
mailing list