[PATCH] s4-drs: RODC related patches

Fernando J V da Silva fernandojvsilva at yahoo.com.br
Wed Mar 24 12:45:24 MDT 2010


Hi guys!

> Yes, my understanding is that RODCs should never send a DSReplicaSync
> message, and be ignored if they send one.  We should also never attempt
> a GetNCChanges call against an RODC - if we did, we could risk allowing
> it to effectively write into the main LDAP database, violating
> security.
>

Attached are some patches related to RODC support. Two of them are
intended to prevent GetNCChanges messages from being sent to RODCs and
DSReplicaSync from being sent from RODCs (please let me know if it is
not the correct approach! :-) ).

The third patch doesn't allow system-critical attributes to be added
to the RODC filtered attribute set, according to the MS documentation at
http://technet.microsoft.com/en-us/library/cc753223(WS.10).aspx#bkmk_ropas

Those patches are also available in my repository at repo.or.cz, on the rodc branch.


Cheers,

-- 
Fernando J V da Silva
M Sc Computer Science Student
Institute of Computing, State University of Campinas
+55 15 8801-2165
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-drs-Do-not-allow-system-critical-attributes-to-b.patch
Type: text/x-patch
Size: 4252 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100324/a315b2ae/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-drs-Do-not-send-GetNCChanges-messages-to-RODCs.patch
Type: text/x-patch
Size: 979 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100324/a315b2ae/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-drs-If-we-are-a-RODC-then-do-not-send-DSReplicaS.patch
Type: text/x-patch
Size: 1612 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100324/a315b2ae/attachment-0002.bin>
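
The rule behind the first attachment (no system-critical attribute in the RODC filtered attribute set), as an added example that is not taken from the attached patches or from Samba's source. The struct, enum and function names are hypothetical, the sample entries are constructed, and the two bit values are the ones Microsoft's schema documentation gives for searchFlags and schemaFlagsEx.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit values as documented for the AD schema. */
#define SEARCH_FLAG_RODC_FILTERED    0x00000200u /* searchFlags: in the RODC filtered attribute set */
#define SCHEMA_FLAG_ATTR_IS_CRITICAL 0x00000001u /* schemaFlagsEx: system-critical attribute */

/* Hypothetical in-memory view of an attributeSchema object. */
struct attr_schema {
    const char *name;
    uint32_t search_flags;
    uint32_t schema_flags_ex;
};

enum fas_result { FAS_OK, FAS_REJECTED };

/* Is a write that leaves searchFlags == new_search_flags acceptable? */
enum fas_result fas_check_modify(const struct attr_schema *a, uint32_t new_search_flags)
{
    if ((new_search_flags & SEARCH_FLAG_RODC_FILTERED) &&
        (a->schema_flags_ex & SCHEMA_FLAG_ATTR_IS_CRITICAL))
        return FAS_REJECTED;   /* would hide a critical attribute from RODCs */
    return FAS_OK;             /* clearing the bit, or a non-critical attribute */
}

/* Audit an existing schema: count attributes already critical AND filtered. */
size_t fas_audit(const struct attr_schema *attrs, size_t n, const char **first_bad)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (fas_check_modify(&attrs[i], attrs[i].search_flags) == FAS_REJECTED)
            if (bad++ == 0 && first_bad != NULL)
                *first_bad = attrs[i].name;
    }
    return bad;
}

/* Constructed sample entries; names and flag values are made up. */
static const struct attr_schema sample[] = {
    { "exampleSecretAttr",   0x00000001u, 0x0u }, /* indexed, not critical */
    { "exampleCriticalAttr", 0x00000000u, 0x1u }, /* critical, not filtered */
    { "exampleBadAttr",      0x00000200u, 0x1u }, /* critical and filtered */
};

int main(void)
{
    const char *bad = NULL;
    size_t n = fas_audit(sample, 3, &bad);
    printf("violations=%zu first=%s\n", n, bad ? bad : "-");
    return 0;
}
```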

