Endi's Bug 7530 patches (LDAP backend)

Matthias Dieter Wallnöfer mdw at samba.org
Tue Jun 29 04:46:59 MDT 2010


Andrew,

I will do this today when I get some free time. Sorry, but I thought all 
would be fine.

Matthias

Andrew Bartlett wrote:
> On Mon, 2010-06-28 at 12:47 -0500, Matthias Dieter Wallnöfer wrote:
>    
>> The branch, master has been updated
>>         via  7cb98a0... s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
>>         via  5bee3ef... s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
>>         via  ed4c107... s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
>>         via  fa9557f... s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
>>        from  ba0ba4e... s3: Make some routines static in smbldap
>>
>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>
>>
>> - Log -----------------------------------------------------------------
>> commit 7cb98a0cdcef27f591357ec63633b50fd9dce29f
>> Author: Endi S. Dewata<edewata at redhat.com>
>> Date:   Mon Jun 28 11:13:03 2010 -0500
>>
>>      s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
>>
>>      Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
>>      
> This looks OK, but I think we need a utility function to handle this.
>
>    
>> commit 5bee3efacac76fdf8753a7c7cb2845bf6058d088
>> Author: Endi S. Dewata<edewata at redhat.com>
>> Date:   Mon Jun 28 11:18:16 2010 -0500
>>
>>      s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
>>
>>      Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
>>      
> I guess this is OK, but we need to find a better solution in the long
> term.  The catch-up here is getting silly.
>
>    
>> commit ed4c107bc1eac8531fdd8d09f7698efcbc7ecb14
>> Author: Endi S. Dewata<edewata at redhat.com>
>> Date:   Mon Jun 28 10:54:37 2010 -0500
>>
>>      s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
>>
>>      Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
>>
>> commit fa9557fee3ca546878d99b77f1ff37f724c37024
>> Author: Endi S. Dewata<edewata at redhat.com>
>> Date:   Mon Jun 28 10:45:04 2010 -0500
>>
>>      s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
>>
>>      Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
>>      
> I'm sorry, but both these patches are totally wrong.  Endi's patches are
> usually very good, but these are based on incorrect starting
> assumptions.
>
> The partitions patch will, as I read it, totally break replication, as
> it will remove the search for @REPLCHANGED from being propagated down to
> each backend database. (so we know if a particular database needs
> replication)
>
> The expand_nested_groups patch will work, but I do not wish us to take
> this approach.  The LDAP backend needs to provide, one way or another,
> this information - if we start to have fallbacks in the code, we will
> duplicate the whole extended DN infrastructure in each caller.  The
> OpenLDAP backend provides this by a server-side module, and either
> Fedora DS must do the same, or fake it up in a Samba module at the
> bottom of the stack.
>
> I was about to make these comments on the bug itself, but you were just
> a little too efficient in pushing the patches. :-)
>
> I'm sorry to have to ask, particularly as you have now further refined
> it, but can you please revert?
>
> Andrew Bartlett
>
>    


