adding pseudo backlink on DN* syntax attributes

Matthieu Patou mat at samba.org
Wed May 11 03:09:38 MDT 2011 

Hello All,

I'm quite glad to inform you that I managed somehow to have managed to 
add pseudo backlink support in samba4.

What is pseudobacklink support ? Well it's a fake backlink attribute 
that normally don't exists but that is very handy.
We will create this in pair with attribute that are linked attribute 
_but_ without backlink attribute and on attribute that have a DN* (DN, 
DN+String, DN+Binary) syntax.

Doing so will allow us to easily update the forwardlink in case the DN 
that is pointed is changed (removed, renamed, ...).

For instance, if I have

dn: CN=foo,DC=bar,DC=baz
fSMORoleOwner: CN=toto,DC=bar,DC=baz

if I renamed CN=toto, DC=bar, DC=baz to CN=tatayoyo, DC=bar, DC=baz, the 
backlink infrastructure will automagicaly update the attribute 
fSMORoleOwner of object CN=foo,DC=bar,DC=baz.

Real case when this is useful are: moving a DC from site to another (as 
the NTDS changes and is a target for a numerous quantity of linked 
attributes and attributes with a DN* syntax).

I'm quite happy that provision now manage to create backlinks and I have 
the feeling that it is creating all the needed ones (my previous attempt 
created some of them)


./bin/ldbsearch -H 
/tmp/tst2/private/sam.ldb.d/DC\=HOME\,DC\=MATWS\,DC\=NET.ldb  | grep 
Backlink
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=9a791ea2-f78c-4697-941a-42bc26
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=58068baf-524c-4499-a8cb-8d0771
@rIDManagerReferenceBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecISAKMPReferenceBacklink: 
<GUID=2bc7ea6a-c164-4e3a-96ba-f2f96c06df22>;CN=
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=0e0f1eeb-4efb-431d-88d4-8a701f
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=1f690333-2b1c-42fe-8a4b-5abca6
@ipsecOwnersReferenceBacklink: 
<GUID=dc07771b-af6f-4483-8378-a58e49f69f3d>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=1f690333-2b1c-42fe-8a4b-5abca69b9bda>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=9a791ea2-f78c-4697-941a-42bc2696f28f>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=4a52f9cd-d730-4538-83db-c6fde5237457>;CN=
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecOwnersReferenceBacklink: 
<GUID=be687f64-3756-4da6-9e7b-63f122670cd1>;CN=
@ipsecNFAReferenceBacklink: 
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecOwnersReferenceBacklink: 
<GUID=60508178-a65f-4edb-8688-050a42b6c7c4>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=0e0f1eeb-4efb-431d-88d4-8a701fe49170>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=322b9b3c-e4b6-4b76-b130-54540f8acafb>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=a7463a0b-6861-49df-a988-387a2728e466>;CN=
@ipsecNFAReferenceBacklink: 
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@ipsecOwnersReferenceBacklink: 
<GUID=eed5f8fe-2382-43dd-89e0-839dc16dfe46>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=58068baf-524c-4499-a8cb-8d077113b59b>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=4cb1cf25-6167-484f-a65f-870e31fd6622>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=ada01310-8226-433d-a3e7-3bd00333e893>;CN=
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=4a52f9cd-d730-4538-83db-c6fde5
@ipsecFilterReferenceBacklink: 
<GUID=58068baf-524c-4499-a8cb-8d077113b59b>;CN=
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecISAKMPReferenceBacklink: 
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=
@ipsecISAKMPReferenceBacklink: 
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=
@msDS-HasInstantiatedNCsBacklink: 
<GUID=adaf11e1-1511-4b8f-993a-3e2bb063febf>;
@nCNameBacklink: 
<GUID=24a3bcb1-8b2f-4f96-a176-c73e7619bb17>;CN=MATWS,CN=Parti
@rIDSetReferencesBacklink: 
<GUID=5e652553-45e7-42ea-9a9b-326b74036dbd>;<SID=S-
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecFilterReferenceBacklink: 
<GUID=4a52f9cd-d730-4538-83db-c6fde5237457>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=b75e35dd-5fc7-455e-8fd7-9f583484c538>;CN=
@ipsecNFAReferenceBacklink: 
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@ipsecNegotiationPolicyReferenceBacklink: 
<GUID=4cb1cf25-6167-484f-a65f-870e31
@ipsecOwnersReferenceBacklink: 
<GUID=fa5c52f1-5721-4644-a325-166ed76bb91b>;CN=
@ipsecNFAReferenceBacklink: 
<GUID=2bc7ea6a-c164-4e3a-96ba-f2f96c06df22>;CN=ips
@ipsecNFAReferenceBacklink: 
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@ipsecOwnersReferenceBacklink: 
<GUID=c2a011fd-f995-4e9c-8757-98eb7e97a797>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=adb1a78d-0fb5-476f-b442-94f30c1c9896>;CN=
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecNFAReferenceBacklink: 
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@ipsecOwnersReferenceBacklink: 
<GUID=c2a011fd-f995-4e9c-8757-98eb7e97a797>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=adb1a78d-0fb5-476f-b442-94f30c1c9896>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=4c91bf24-98ad-4ca0-8d8d-528ce8d69fec>;CN=
@ipsecOwnersReferenceBacklink: 
<GUID=a7463a0b-6861-49df-a988-387a2728e466>;CN=
@ipsecNFAReferenceBacklink: 
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@wellKnownObjectsBacklink: 
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-


I didn't tested it completely but ldap tests in make tests are now ok.

It's in my repo here:

http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/pseudobacklinks

I also didn't cleaned everything but it should give an idea of the work 
already !

Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba-technical mailing list