editing a linked attribute with ldbedit update the RMD_LOCAL_USN of all the entries

Matthieu Patou mat at samba.org
Thu Apr 21 04:17:12 MDT 2011 

On 21/04/2011 12:59, Stefan (metze) Metzmacher wrote:
> Am 21.04.2011 10:50, schrieb Matthieu Patou:
>> On 21/04/2011 01:43, Matthieu Patou wrote:
>>> Metze,
>>>
>>> if I have this in my ldb and then I just add one more user,
>>> member:
>>> <GUID=6d7fea94-7f86-4c40-a771-22cde51a87ff>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478062890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3468>;<RMD_ORIGINATING_USN=3468
>>>
>>>> ;<RMD_VERSION=1>;<SID=S-1-5-21-388586327-431195496-3280282343-512>;CN=Domain
>>>    Admins,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=02b43f97-7628-43a0-be72-3a7e9b70186d>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478062890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3468>;<RMD_ORIGINATING_USN=3468
>>>
>>>> ;<RMD_VERSION=1>;<SID=S-1-5-21-388586327-431195496-3280282343-519>;CN=Enterp
>>>   rise Admins,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=ff31654b-8bec-4e39-ac3f-123004de47b5>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478062890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3468>;<RMD_ORIGINATING_USN=3468
>>>
>>>> ;<RMD_VERSION=1>;<SID=S-1-5-21-388586327-431195496-3280282343-500>;CN=Admini
>>>   strator,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=0a5255fe-3868-4c79-991e-6068b2f792e2>;<RMD_ADDTIME=1294780628900
>>>   00000>;<RMD_CHANGETIME=129478062890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3468>;<RMD_ORIGINATING_USN=3468
>>>
>>>> ;<RMD_VERSION=0>;<SID=S-1-5-21-388586327-431195496-3280282343-1104>;CN=test,
>>>   CN=Users,DC=home,DC=matws,DC=net
>>> whenChanged: 20110420205129.0Z
>>> uSNChanged: 3468
>>>
>>> I'll have this:
>>>
>>> member:
>>> <GUID=6d7fea94-7f86-4c40-a771-22cde51a87ff>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478089610000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3471>;<RMD_ORIGINATING_USN=3471
>>>
>>>> ;<RMD_VERSION=2>;<SID=S-1-5-21-388586327-431195496-3280282343-512>;CN=Domain
>>>    Admins,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=02b43f97-7628-43a0-be72-3a7e9b70186d>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478089610000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3471>;<RMD_ORIGINATING_USN=3471
>>>
>>>> ;<RMD_VERSION=2>;<SID=S-1-5-21-388586327-431195496-3280282343-519>;CN=Enterp
>>>   rise Admins,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=ff31654b-8bec-4e39-ac3f-123004de47b5>;<RMD_ADDTIME=1294780524800
>>>   00000>;<RMD_CHANGETIME=129478089610000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3471>;<RMD_ORIGINATING_USN=3471
>>>
>>>> ;<RMD_VERSION=2>;<SID=S-1-5-21-388586327-431195496-3280282343-500>;CN=Admini
>>>   strator,CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=0a5255fe-3868-4c79-991e-6068b2f792e2>;<RMD_ADDTIME=1294780628900
>>>   00000>;<RMD_CHANGETIME=129478089610000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3471>;<RMD_ORIGINATING_USN=3471
>>>
>>>> ;<RMD_VERSION=1>;<SID=S-1-5-21-388586327-431195496-3280282343-1104>;CN=test,
>>>   CN=Users,DC=home,DC=matws,DC=net
>>> member:
>>> <GUID=fc9822de-eb5c-40a9-92ba-c9254bb0011e>;<RMD_ADDTIME=1294780896100
>>>   00000>;<RMD_CHANGETIME=129478089610000000>;<RMD_FLAGS=0>;<RMD_INVOCID=0f11498
>>>
>>>   6-0860-4ec6-9ae4-4f47249b1d42>;<RMD_LOCAL_USN=3471>;<RMD_ORIGINATING_USN=3471
>>>
>>>> ;<RMD_VERSION=0>;<SID=S-1-5-21-388586327-431195496-3280282343-501>;CN=Guest,
>>>   CN=Users,DC=home,DC=matws,DC=net
>>> whenChanged: 20110420213601.0Z
>>> uSNChanged: 3471
>>>
>>>   I didn't tested yet on windows but I have the feeling that not all
>>> the attributes are modified.
>>>
>> Well I just did a test against windows 2003 it has the same behavior ...
> How?
ldbsearch -k 1 -H ldap://windowsserver 
--controls="dirsync:1:2147483648:0" '(name=domain admins)' member
By doing so I'm asking to have incremental list of changed attribute for 
link attributes.

ldbedit -k 1 -H ldap://windowsserver '(name=domain admins)' member

I added a user (ie. mat) then
ldbsearch -k 1 -H ldap://windowsserver 
--controls="dirsync:1:2147483648:0:cookie" '(name=domain admins)' member

And I had listed all the users in the group with
member;range=1-1: CN=Administrator,CN=Users,DC=domain,DC=tld
member;range=1-1: CN=mat,CN=Users,DC=domain,DC=tld

And after replicate looking with --reveal and --extended-dn show that 
all the linked attribute have been modified as they all have a new 
originating usn and a fairly recent timestamp.

Matthieu

>> strange but maybe normal.
> Which forest functional level is in use there.
>
> It looks strange to me if the functional level is>= 2 (WIN2003)
Domain level  = 2003 Forest = 2003

Matthieu.



-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba-technical mailing list