Problem with dsdb_find_nc_root
Matthias Dieter Wallnöfer
mdw at samba.org
Sat Jan 15 10:20:53 MST 2011
Hi Nadya,
I managed to find a quick solution - we use the temporary list until we
have 3 naming contexts available. It might not be the nicest one
(probably it could be improved) - but it seems to work.
Cheers,
Matthias
Nadezhda Ivanova wrote:
> Hi list,
> I found out that the function dsdb_find_nc_root, which is used in a lot of
> places to get the current naming context for a dn, has a wrong behavior
> during provisioning, when no all of the naming contexts are created. This
> issue results in problems with SD inheritance, as the descriptor module was
> recently fixed to use it to determine if the currently created object is an
> NC and not inherit any ACES, rather than ldb_get_XXXXXX_dn functions.
> What happens is the following:
> This function reads the namingContexts from rootDSE, if there aren't any,
> constructs a temporary list, which is correct. So at first when we create
> the default naming context, everything is fine.
> However, when we create Configuration, naming contexts is not empty, so we
> do not create a temporary list, and the only entry is the default. As a
> result, we get that the root NC for Configuration is the default, and the
> root nc for Schema is Configuration, instead of themselves.
>
> In the descriptor.c module I will fix the issue by checking the instanceType
> first, but this behavior of dsdb_find_nc_root may cause problems if people
> are unaware. I am not sure, however, what is the best way to actually fix
> dsdb_find_nc_root.
>
> Any ideas?
>
> Regards,
> Nadya
>
>
More information about the samba-technical
mailing list