Checking we cannot delete fsmoRoleOwner
Andrew Bartlett
abartlet at samba.org
Wed Apr 18 22:27:06 MDT 2012
Matthias,
I wondered if you might have time to look into the appropriate
protection required for fSMORoleOwner? Clearly we should prevent it
from becoming empty (that is, a FSMO role having no owner), but as
always it is a matter of protecting it in the right way.
I've just (in pending autobuild) added a dbcheck test to put it back,
but this is a little late, and it would be good if the samldb module
would know how to prevent this in the first place. In particular, the
tricky part will be ensuring that we do not allow a forced delete of a
DC with roles (because the link clean-up will be what deletes the
attribute).
This sounds like exactly this kind of challenge you are really good at,
and I wondered if you could help out?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list