[PATCH] ignore inherited components in SDs when comparing in samba_upgradeprovision

[Andrew Bartlett]

As per my other mails, these patches are in and based on my
upgradeprovision branch.

This seems to improve the correctness of the 4.0.0 upgrade with --full,
as one more SD is now correctly upgraded according to ldapcmp:

@@ -52,24 +52,11 @@
 
 * Objects to be compared: 39
 
-Comparing:
-'DC=release-4-0-0.samba.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=release-4-0-0,DC=samba,DC=corp' [st/provision/release-4-0-0_upgrade_reference/private/sam.ldb]
-'DC=release-4-0-0.samba.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=release-4-0-0,DC=samba,DC=corp' [st/provision/release-4-0-0_upgrade_full/private/sam.ldb]
-    Difference in ACE count:
-        => 27
-        => 28
-    ACEs found only in
st/provision/release-4-0-0_upgrade_reference/private/sam.ldb:
-        (A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)
-    ACEs found only in
st/provision/release-4-0-0_upgrade_full/private/sam.ldb:
-        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)
-        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;LA)
-    FAILED
-
-* Result for [DNSDOMAIN]: FAILURE
+* Result for [DNSDOMAIN]: SUCCESS

In --full mode, an upgrade from 4.0.0 now only leaves the DC with the
wrong ACL:

Comparing:
'CN=ARES,OU=Domain
Controllers,DC=release-4-0-0,DC=samba,DC=corp' [st/provision/release-4-0-0_upgrade_reference/private/sam.ldb]
'CN=ARES,OU=Domain
Controllers,DC=release-4-0-0,DC=samba,DC=corp' [st/provision/release-4-0-0_upgrade_full/private/sam.ldb]
    ACEs found only in
st/provision/release-4-0-0_upgrade_reference/private/sam.ldb:
        (OA;;SW;Validated-DNS-Host-Name;;DA)
        (OA;;SW;Validated-DNS-Host-Name;;PS)
    ACEs found only in
st/provision/release-4-0-0_upgrade_full/private/sam.ldb:
        (OA;;SW;DNS-Host-Name-Attributes;;DA)
        (OA;;SW;DNS-Host-Name-Attributes;;PS)
    FAILED

I would appreciate any comments or thoughts on this approach.

Thanks,

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-scripting-Rework-samba.upgradehelpers.get_diff_sddls.patch
Type: text/x-patch
Size: 4595 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130217/f129511b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-samba_upgradeprovision-Remove-inherited-ACEs-before-.patch
Type: text/x-patch
Size: 2947 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130217/f129511b/attachment-0001.bin>