samldb and associated patches

Matthias Dieter Wallnöfer mdw at
Sun Sep 19 14:58:45 MDT 2010

Hi Andrew,

I've reworked the patchset:

    * Patches until 196e1dfcfece636054a224cc5bd2904704671530 should work
      without problems (cosmetics and some enhancements to the SAMLDB
      primary group detection)
    * Patches until aca7270d7fc478385a933c81c3b1cc5d14e8da79 should also
      work (makes the most of the rootDSE attributes dynamic - I had to
      leave "dsServiceName" static for now since otherwise s4 stops working)
    * The patches afterwards fixes the delete operation. I found out
      that beginning with DC functional level >= 2008_R2 we need to make
      use of the SHOW_RECYCLED and not SHOW_DELETED control to find
      always all entries. Since otherwise recycled objects aren't
      handled. These patches try to fix this - would be nice if you
      could take a look if my thoughts are right.

It would be nice if you could start applying at least some parts. But 
probably a "make test" is still useful.


Matthias Dieter Wallnöfer wrote:
> Andrew,
> Andrew Bartlett wrote:
>> On Sat, 2010-09-18 at 09:14 +0200, Matthias Dieter Wallnöfer wrote:
>>>> lookup without the...
>>>> This seems to do a unindexed search on dnsHostName.  We should avoid
>>>> unindexed searches in routines such as this - and I fear that soon
>>>> someone will request that likewise dnsHostName be made dynamic.  
>>>> Perhaps
>>>> instead search for our samAccountName based on the lp_netbios_name(),
>>>> and follow the serverReference link?
>>> Well, so I could make "dNSHostName" dynamic just now. And I will use
>>> "sAMAccountName".
> This seems easier as it is. In fact the lp_ctx isn't always the one 
> from the server but could also be provided by the client (consider 
> "torture_netlogon" tests). And then we end in "NTDS settings container 
> not found" and failing tests.
> Matthias

More information about the samba-technical mailing list