[PATCH] s4-drs: Delete RODC filtered attributes from objects
Stefan (metze) Metzmacher
metze at samba.org
Fri Mar 12 07:43:55 MST 2010
tridge at samba.org schrieb:
> Hi Fernando,
>
> > In this patch, if there is an update on an attributeSchema object such
> > that it become part of the RODC filtered set, then we delete the
> > values of that attribute from any object which contains it.
>
> I think this isn't the right approach.
>
> When a DC is a RODC, then when it replicates from another DC, it gets
> a subset of the attributes. So there is no need for it to delete
> attributes. The reason it gets a subset is that a RODC is not trusted
> to hold all attributes, so they will never be sent by the other DC.
>
> I think these are the logical changes we need to support RODC
> operation:
>
> 1) when we are a RODC we should refuse changes to the directory. This
> would happen in repl_meta_data.c module. I think the logical place
> for this check is in replmd_update_rpmd_element()
I assume this is based on the INSTANCE_TYPE_WRITE flag.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100312/9db62fc6/attachment.pgp>
More information about the samba-technical
mailing list