s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
Jason Moore
jmoore at infoblox.com
Tue May 11 14:33:24 MDT 2010
Hey guys, I am new to Infoblox through the Netcordia acquisition and am somehow on this mailing list. If you could remove me, I would appreciate it. Thanks.
-Jason Moore
-----Original Message-----
From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of Anatoliy Atanasov
Sent: Tuesday, May 11, 2010 4:28 AM
To: abartlet at samba.org
Cc: samba-technical at lists.samba.org
Subject: Re: s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
----- Original Message -----
> From: Andrew Bartlett <abartlet at samba.org>
> To: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
> Cc: samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> Sent: Tuesday, May 11, 2010 11:09:21 AM (GMT+02:00) Athens, Bucharest, Istanbul
> Subject: Re: s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
> > On Tue, 2010-05-11 at 11:04 +0300, Anatoliy Atanasov wrote:
> > Hi Andrew,
> > > > On Mon, 2010-05-10 at 09:26 -0500, Anatoliy Atanasov wrote:
> > > > The branch, master has been updated
> > > > via 658dac9... v2 Latest enhancements in ldapcmp tool
> > > > via c3cbb84... s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
> > > > from 8373606... s3-rpcclient: fix two more invalid typecasts in spoolss commands.
> > > >
> > > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > > >
> > >
> > > > commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96
> > > > Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
> > > > Date: Mon May 10 13:52:27 2010 +0300
> > > >
> > > > s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
> > > >
> > > > -----------------------------------------------------------------------
> > > >
> > > > Summary of changes:
> > > > source4/dsdb/pydsdb.c | 23 ++
> > > > source4/scripting/devel/ldapcmp | 402 +++++++++++++++++----------
> > > > source4/scripting/python/samba/provision.py | 6 +-
> > > > source4/scripting/python/samba/samdb.py | 4 +
> > > > 4 files changed, 294 insertions(+), 141 deletions(-)
> > > >
> > >
> > > Anatoliy,
> > >
> > > This patch is incorrect, and dangerous.
> > >
> > > As far as I can see from the full patch, you set a GUID into the opaque,
> > > but never actually make any effort to actually make it match the GUID
> > > that will be stored in LDB.
> > Right, I misunderstood metze's suggestion to copy samdb.set_invocation_id
> > and do the same with objectGUID
> >
> > > If the ultimate question that is causing this warning is 'am I an RODC',
> > > then set an opaque for that. If it is some other question, then make a
> > > cache for that other question. But you can't set an opaque value
> > > caching an objectGUID unless you also make efforts to ensure that
> > > objectGUID is what is actually used. However, given that we can't
> > > easily set an objectGUID on LDAP backends, I've generally preferred to
> > > avoid this practice.
> > If I understood, creating object guid during provision is a bad idea, right?
> > The thing is that I need it in samdb_rodc, where I switched from using invocationID to objectGUID.
> > To answer amIRODC I need the NTDS entry for our server from the db
>
> This much you can cache the boolean for. That was what we were trying
> to suggest :-)
>
> > and read the msDS-isRODC attribute, which is constructed btw.
>
> Is it read during provision? For other servers it won't help -
> different objectGUID anyway :-)
Yeah, I understand now :)
I'll revert and make a new patch for that.
Regards,
Anatoliy