s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
Stefan (metze) Metzmacher
metze at samba.org
Tue May 11 02:14:45 MDT 2010
Anatoliy Atanasov schrieb:
> Hi Andrew,
>>> On Mon, 2010-05-10 at 09:26 -0500, Anatoliy Atanasov wrote:
>>> The branch, master has been updated
>>> via 658dac9... v2 Latest enhancements in ldapcmp tool
>>> via c3cbb84... s4-rodc: Fix provision warnings by creating
>> ntds objectGUID in provision
>>> from 8373606... s3-rpcclient: fix two more invalid typecasts
>> in spoolss commands.
>>> commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96
>>> Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
>>> Date: Mon May 10 13:52:27 2010 +0300
>>> s4-rodc: Fix provision warnings by creating ntds objectGUID in
>>> Summary of changes:
>>> source4/dsdb/pydsdb.c | 23 ++
>>> source4/scripting/devel/ldapcmp | 402
>>> source4/scripting/python/samba/provision.py | 6 +-
>>> source4/scripting/python/samba/samdb.py | 4 +
>>> 4 files changed, 294 insertions(+), 141 deletions(-)
>> This patch is incorrect, and dangerous.
>> As far as I can see from the full patch, you set a GUID into the
>> but never actually make any effort to actually make it match the GUID
>> that will be stored in LDB.
> Right, i misunderstood metze's suggestion to copy samdb.set_invocation_id
> and do the same with objectGUID
>> If the ultimate question that is causing this warning is 'am I an
>> then set an opaque for that. If it is some other question, then make
>> cache for that other question. But you can't set an opaque value
>> caching an objectGUID unless you also make efforts to ensure that
>> objectGUID is what is actually used. However, given that we can't
>> easily set an objectGUID on LDAP backends, I've generally preferred to
>> avoid this practice.
> If i understood creating object guid during provision is bad idea, right?
> The thing is that I need it in samdb_rodc, where i switched from using invocationID to objectGUID.
> To answer amIRODC i need the NTDS entry for our server from the db and read the msDS-isRODC attribute, which is constructed btw.
> Are there other options to do that, but using objectGUID to get the NTDS settings?
My suggestion was to have a 'samsb.set_is_rodc()' cached value similar
This way the provision can preset this value.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 260 bytes
Desc: OpenPGP digital signature
More information about the samba-technical