Checking we cannot delete fsmoRoleOwner
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Apr 29 13:00:25 MDT 2012
I have been doing some work in order to protect "fSMORoleOwner" a little
more. As always please check out my master branch.
Andrew Bartlett schrieb:
> I wondered if you might have time to look into the appropriate
> protection required for fSMORoleOwner? Clearly we should prevent it
> from becoming empty (that is, a FSMO role having no owner), but as
> always it is a matter of protecting it in the right way.
> I've just (in pending autobuild) added a dbcheck test to put it back,
> but this is a little late, and it would be good if the samldb module
> would know how to prevent this in the first place. In particular, the
> tricky part will be ensuring that we do not allow a forced delete of a
> DC with roles (because the link clean-up will be what deletes the
> This sounds like exactly this kind of challenge you are really good at,
> and I wondered if you could help out?
> Andrew Bartlett
More information about the samba-technical