[PATCH] make samba-tool aware of all 7 fsmo roles

Stefan (metze) Metzmacher metze at samba.org
Wed May 20 10:33:22 MDT 2015


On 20.05.2015 at 18:21, Rowland Penny wrote:
> On 20/05/15 17:06, Stefan (metze) Metzmacher wrote:
>> Hi Rowland,
>>
>>>> Can you change the commit message to this:
>>>>
>>>>       samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles
>>>>
>>>>       BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
>>>>
>>>>       Signed-off-by: Rowland Penny <repenny241155 at gmail.com>
>>> Hi Stefan,
>>>
>>> Done
>> I don't see an updated commit message...
> 
> Ah, sorry, missed the bug line.
> 
>>>>> @@ -58,6 +59,26 @@ def transfer_role(outf, role, samdb):
>>>>>            m["becomeSchemaMaster"]= ldb.MessageElement(
>>>>>                "1", ldb.FLAG_MOD_REPLACE,
>>>>>                "becomeSchemaMaster")
>>>>> +    elif role == "domaindns":
>>>>> +        # this would work in the same way as the infrastructure role
>>>>> if the schema allowed it
>>>>> +        # but it doesn't, so will have to sieze
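
Review bot: In the new `elif role == "domaindns":` branch of transfer_role, the comment says the code "will have to sieze", so a function named transfer_role ends up seizing the role without the current owner giving it up first, and a caller asking for a transfer gets no indication of that. Either skip this role in the transfer path and print a warning that it can only be seized, or make the change in a way that lets the current owner relinquish the role. The comment should also state exactly what the schema does not allow instead of "if the schema allowed it", and "sieze" should be spelled "seize".
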
>>>> Can you explain this a bit?
>>>> What is this different (in detail)?
>>> To transfer the main 5 roles, you just create an attribute called
>>> 'become****' containing '1' in the DN that you want to transfer i.e.
>>> create 'becomeRidMaster: 1' to transfer the RIDMaster role. There isn't
>>> a 'become****' attribute for the two dns roles (or at least I cannot
>>> find them and believe me, I tried), so it seems the only way to change
>>> them is to seize them.
>> Wouldn't it be better to simulate the becomeROLE change behaviour?
> 
> Well possibly, but how?
> Please bear in mind, until I started looking into this, python was a
> very big snake to me, I am used to writing bash scripts :-)

:-)

I'll try to come up with a fix for it.

>>
>> We should do the change on the current master as that is still alive
>> and it needs to give up the role before the new dc takes over.
> 
> Ah well, back to google (there are other internet search engines available)
> 
>>
>> Maybe it would work if we do the ldap modify on the current role owner
>> and then send new owner a DsReplicaSync message to trigger an immediate
>> replication
>> from the old to the new owner.
> 
> How about if I remove the transfer part until I sort it out and just
> change the show & seize parts?

I think that would work, just print out a warning that "all" will skip
the transfer.

That would still be a great improvement over the current situation.

metze
