[testlist] [PR PATCH master 03/22] join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common

github at samba.org github at samba.org
Mon Sep 7 00:10:30 UTC 2015 

From: Andrew Bartlett <abartlet at samba.org>

The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/join.py | 66 +++++++++++++++++++++++++++-------------------------
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/python/samba/join.py b/python/samba/join.py
index f8ede5d..7f278e4 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -66,6 +66,7 @@ class dc_join(object):
         ctx.promote_from_dn = None
 
         ctx.nc_list = []
+        ctx.full_nc_list = []
 
         ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
         ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
@@ -447,8 +448,8 @@ class dc_join(object):
 
         return ctr.objects
 
-    def join_add_ntdsdsa(ctx):
-        '''add the ntdsdsa object'''
+    def join_ntdsdsa_obj(ctx):
+        '''return the ntdsdsa object to add'''
 
         print "Adding %s" % ctx.ntds_dn
         rec = {
@@ -467,16 +468,28 @@ class dc_join(object):
 
         if ctx.RODC:
             rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
-            rec["msDS-HasFullReplicaNCs"] = ctx.nc_list
+            rec["msDS-HasFullReplicaNCs"] = ctx.full_nc_list
             rec["options"] = "37"
-            ctx.samdb.add(rec, ["rodc_join:1:1"])
         else:
             rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
-            rec["HasMasterNCs"]      = nc_list
+            rec["HasMasterNCs"]      = []
+            for nc in nc_list:
+                if nc in ctx.full_nc_list:
+                    rec["HasMasterNCs"].append(nc)
             if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
-                rec["msDS-HasMasterNCs"] = ctx.nc_list
+                rec["msDS-HasMasterNCs"] = ctx.full_nc_list
             rec["options"] = "1"
             rec["invocationId"] = ndr_pack(ctx.invocation_id)
+
+        return rec
+
+    def join_add_ntdsdsa(ctx):
+        '''add the ntdsdsa object'''
+
+        rec = ctx.join_ntdsdsa_obj()
+        if ctx.RODC:
+            ctx.samdb.add(rec, ["rodc_join:1:1"])
+        else:
             ctx.DsAddEntry([rec])
 
         # find the GUID of our NTDS DN
@@ -672,26 +685,7 @@ class dc_join(object):
         if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
             rec["msDS-Behavior-Version"] = str(ctx.behavior_version)
 
-        rec2 = {
-            "dn" : ctx.ntds_dn,
-            "objectclass" : "nTDSDSA",
-            "systemFlags" : str(samba.dsdb.SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE),
-            "dMDLocation" : ctx.schema_dn}
-
-        nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
-
-        if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
-            rec2["msDS-Behavior-Version"] = str(ctx.behavior_version)
-
-        if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
-            rec2["msDS-HasDomainNCs"] = ctx.base_dn
-
-        rec2["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
-        rec2["HasMasterNCs"]      = nc_list
-        if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
-            rec2["msDS-HasMasterNCs"] = ctx.nc_list
-        rec2["options"] = "1"
-        rec2["invocationId"] = ndr_pack(ctx.invocation_id)
+        rec2 = ctx.join_ntdsdsa_obj()
 
         objects = ctx.DsAddEntry([rec, rec2])
         if len(objects) != 2:
@@ -1054,17 +1048,25 @@ class dc_join(object):
 
 
     def do_join(ctx):
-        # full_nc_list is the list of naming context (NC) for which we will
-        # send a updateRef command to the partner DC
+        # nc_list is the list of naming context (NC) for which we will
+        # replicate in and send a updateRef command to the partner DC
+
+        # full_nc_list is the list of naming context (NC) we hold
+        # read/write copies of.  These are not subsets of each other.
         ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
+        ctx.full_nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
 
-        if not ctx.subdomain:
+        if ctx.subdomain and ctx.dns_backend != "NONE":
+            ctx.full_nc_list += [ctx.domaindns_zone]
+
+        elif not ctx.subdomain:
             ctx.nc_list += [ctx.base_dn]
+
             if ctx.dns_backend != "NONE":
                 ctx.nc_list += [ctx.domaindns_zone]
-
-        if ctx.dns_backend != "NONE":
-            ctx.nc_list += [ctx.forestdns_zone]
+                ctx.nc_list += [ctx.forestdns_zone]
+                ctx.full_nc_list += [ctx.domaindns_zone]
+                ctx.full_nc_list += [ctx.forestdns_zone]
 
         if ctx.promote_existing:
             ctx.promote_possible()
-- 
1.9.1

More information about the testlist mailing list