Checking we cannot delete fsmoRoleOwner

Matthias Dieter Wallnöfer mdw at
Sun Apr 29 13:00:25 MDT 2012


I have been doing some work in order to protect "fSMORoleOwner" a little 
more. As always please check out my master branch.


Andrew Bartlett schrieb:
> Matthias,
> I wondered if you might have time to look into the appropriate
> protection required for fSMORoleOwner?  Clearly we should prevent it
> from becoming empty (that is, a FSMO role having no owner), but as
> always it is a matter of protecting it in the right way.
> I've just (in pending autobuild) added a dbcheck test to put it back,
> but this is a little late, and it would be good if the samldb module
> would know how to prevent this in the first place.  In particular, the
> tricky part will be ensuring that we do not allow a forced delete of a
> DC with roles (because the link clean-up will be what deletes the
> attribute).
> This sounds like exactly this kind of challenge you are really good at,
> and I wondered if you could help out?
> Thanks,
> Andrew Bartlett

More information about the samba-technical mailing list