s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
anatoliy.atanasov at postpath.com
Wed May 12 04:44:33 MDT 2010
Thanks for the caching example.
This doesn't solve the print issue that we have. The problem is that samdb_rodc is still called and the objectGUID is still missing from the cache/db, so the print is there.
This is visible in make test/quicktest and updateprovision script(as was reported in this mail)
We can skip the samdb_rodc check if there is a CONTROL_RELAX set during provision time. But i couldn't find a way to do that atm. Make test provision is difficult to track.
Any pointers how to add relax control to make test/quicktest updateprovision is appreciated.
Is it possible to break in samba4 while executing Samba4.pm?
I identified which calls should be guarded so i attach the patch, the setting for relax:0 should still be added.
----- Original Message -----
> From: Stefan (metze) Metzmacher <metze at samba.org>
> To: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
> Cc: abartlet at samba.org <abartlet at samba.org>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> Sent: Tuesday, May 11, 2010 11:08:20 AM (GMT+02:00) Athens, Bucharest, Istanbul
> Subject: Re: s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
> > Anatoliy Atanasov schrieb:
> > Hi Andrew,
> >>> On Mon, 2010-05-10 at 09:26 -0500, Anatoliy Atanasov wrote:
> >>> The branch, master has been updated
> >>> via 658dac9... v2 Latest enhancements in ldapcmp tool
> >>> via c3cbb84... s4-rodc: Fix provision warnings by creating
> >> ntds objectGUID in provision
> >>> from 8373606... s3-rpcclient: fix two more invalid
> >> in spoolss commands.
> >>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> >>> commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96
> >>> Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
> >>> Date: Mon May 10 13:52:27 2010 +0300
> >>> s4-rodc: Fix provision warnings by creating ntds objectGUID in
> >> provision
> >>> Summary of changes:
> >>> source4/dsdb/pydsdb.c | 23 ++
> >>> source4/scripting/devel/ldapcmp | 402
> >> +++++++++++++++++----------
> >>> source4/scripting/python/samba/provision.py | 6 +-
> >>> source4/scripting/python/samba/samdb.py | 4 +
> >>> 4 files changed, 294 insertions(+), 141 deletions(-)
> >> Anatoliy,
> >> This patch is incorrect, and dangerous.
> >> As far as I can see from the full patch, you set a GUID into the
> >> opaque,
> >> but never actually make any effort to actually make it match the
> >> that will be stored in LDB.
> > Right, i misunderstood metze's suggestion to copy
> > and do the same with objectGUID
> >> If the ultimate question that is causing this warning is 'am I an
> >> RODC',
> >> then set an opaque for that. If it is some other question, then
> >> a
> >> cache for that other question. But you can't set an opaque value
> >> caching an objectGUID unless you also make efforts to ensure that
> >> objectGUID is what is actually used. However, given that we can't
> >> easily set an objectGUID on LDAP backends, I've generally preferred
> >> avoid this practice.
> > If i understood creating object guid during provision is bad idea,
> > The thing is that I need it in samdb_rodc, where i switched from
> using invocationID to objectGUID.
> > To answer amIRODC i need the NTDS entry for our server from the db
> and read the msDS-isRODC attribute, which is constructed btw.
> > Are there other options to do that, but using objectGUID to get the
> NTDS settings?
> My suggestion was to have a 'samsb.set_is_rodc()' cached value similar
> to samdb.set_invocation_id().
> This way the provision can preset this value.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2771 bytes
Desc: not available
More information about the samba-technical