s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"
abartlet at samba.org
Sun Jun 13 05:40:35 MDT 2010
On Sun, 2010-06-13 at 09:43 +0200, Matthias Dieter Wallnöfer wrote:
> the original intention was to fix another bug which I didn't find in the
> SAMR RPC code since it is located/or not handled in the DSDB code. But
> so I cleaned up each function to be more consistent to their siblings
> (makes them easier to understand and maintain).
> Back to my real bug: The problem is with linked attributes: if you
> remove one, it is marked as "removed" on the repl_meta_data
> (replication) level - but it does still exist. So the problem is, when
> you do a search eg (member=xxx) and there are entries with removed
> "member: xxx" attributes they are still returned! That shouldn't happen
> and confuses SAMR.
> It would be really nice if you or someone else could fix this! I'm
> really not an expert in the "repl_meta_data" code.
So, what needs to be done is to fix the syntax handler that is applied
to these values (forward links), so that it is never possible to match
on member= when it is actually a deleted value. It would be good if
this could be done for the indexes too, but this is not required, as we
always filter with a full ldb_match anyway.
To change the matching rules, we need to change the schema code to
distinguish the link cases, and to handle them properly. I've started
to look into it, and I hope to get patch for you in the next few days.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the samba-technical