adding pseudo backlink on DN* syntax attributes
Matthieu Patou
mat at samba.org
Wed May 11 03:09:38 MDT 2011
Hello All,
I'm quite glad to inform you that I managed somehow to have managed to
add pseudo backlink support in samba4.
What is pseudobacklink support ? Well it's a fake backlink attribute
that normally don't exists but that is very handy.
We will create this in pair with attribute that are linked attribute
_but_ without backlink attribute and on attribute that have a DN* (DN,
DN+String, DN+Binary) syntax.
Doing so will allow us to easily update the forwardlink in case the DN
that is pointed is changed (removed, renamed, ...).
For instance, if I have
dn: CN=foo,DC=bar,DC=baz
fSMORoleOwner: CN=toto,DC=bar,DC=baz
if I renamed CN=toto, DC=bar, DC=baz to CN=tatayoyo, DC=bar, DC=baz, the
backlink infrastructure will automagicaly update the attribute
fSMORoleOwner of object CN=foo,DC=bar,DC=baz.
Real case when this is useful are: moving a DC from site to another (as
the NTDS changes and is a target for a numerous quantity of linked
attributes and attributes with a DN* syntax).
I'm quite happy that provision now manage to create backlinks and I have
the feeling that it is creating all the needed ones (my previous attempt
created some of them)
./bin/ldbsearch -H
/tmp/tst2/private/sam.ldb.d/DC\=HOME\,DC\=MATWS\,DC\=NET.ldb | grep
Backlink
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=9a791ea2-f78c-4697-941a-42bc26
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=58068baf-524c-4499-a8cb-8d0771
@rIDManagerReferenceBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecISAKMPReferenceBacklink:
<GUID=2bc7ea6a-c164-4e3a-96ba-f2f96c06df22>;CN=
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=0e0f1eeb-4efb-431d-88d4-8a701f
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=1f690333-2b1c-42fe-8a4b-5abca6
@ipsecOwnersReferenceBacklink:
<GUID=dc07771b-af6f-4483-8378-a58e49f69f3d>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=1f690333-2b1c-42fe-8a4b-5abca69b9bda>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=9a791ea2-f78c-4697-941a-42bc2696f28f>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=4a52f9cd-d730-4538-83db-c6fde5237457>;CN=
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecOwnersReferenceBacklink:
<GUID=be687f64-3756-4da6-9e7b-63f122670cd1>;CN=
@ipsecNFAReferenceBacklink:
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecOwnersReferenceBacklink:
<GUID=60508178-a65f-4edb-8688-050a42b6c7c4>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=0e0f1eeb-4efb-431d-88d4-8a701fe49170>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=322b9b3c-e4b6-4b76-b130-54540f8acafb>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=a7463a0b-6861-49df-a988-387a2728e466>;CN=
@ipsecNFAReferenceBacklink:
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@ipsecOwnersReferenceBacklink:
<GUID=eed5f8fe-2382-43dd-89e0-839dc16dfe46>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=58068baf-524c-4499-a8cb-8d077113b59b>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=4cb1cf25-6167-484f-a65f-870e31fd6622>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=ada01310-8226-433d-a3e7-3bd00333e893>;CN=
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=4a52f9cd-d730-4538-83db-c6fde5
@ipsecFilterReferenceBacklink:
<GUID=58068baf-524c-4499-a8cb-8d077113b59b>;CN=
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecISAKMPReferenceBacklink:
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=
@ipsecISAKMPReferenceBacklink:
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=
@msDS-HasInstantiatedNCsBacklink:
<GUID=adaf11e1-1511-4b8f-993a-3e2bb063febf>;
@nCNameBacklink:
<GUID=24a3bcb1-8b2f-4f96-a176-c73e7619bb17>;CN=MATWS,CN=Parti
@rIDSetReferencesBacklink:
<GUID=5e652553-45e7-42ea-9a9b-326b74036dbd>;<SID=S-
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecFilterReferenceBacklink:
<GUID=4a52f9cd-d730-4538-83db-c6fde5237457>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=b75e35dd-5fc7-455e-8fd7-9f583484c538>;CN=
@ipsecNFAReferenceBacklink:
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@ipsecNegotiationPolicyReferenceBacklink:
<GUID=4cb1cf25-6167-484f-a65f-870e31
@ipsecOwnersReferenceBacklink:
<GUID=fa5c52f1-5721-4644-a325-166ed76bb91b>;CN=
@ipsecNFAReferenceBacklink:
<GUID=2bc7ea6a-c164-4e3a-96ba-f2f96c06df22>;CN=ips
@ipsecNFAReferenceBacklink:
<GUID=37fb7e27-04a3-4914-99c5-93cf074ec27b>;CN=ips
@ipsecOwnersReferenceBacklink:
<GUID=c2a011fd-f995-4e9c-8757-98eb7e97a797>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=adb1a78d-0fb5-476f-b442-94f30c1c9896>;CN=
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
@ipsecNFAReferenceBacklink:
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@ipsecOwnersReferenceBacklink:
<GUID=c2a011fd-f995-4e9c-8757-98eb7e97a797>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=adb1a78d-0fb5-476f-b442-94f30c1c9896>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=4c91bf24-98ad-4ca0-8d8d-528ce8d69fec>;CN=
@ipsecOwnersReferenceBacklink:
<GUID=a7463a0b-6861-49df-a988-387a2728e466>;CN=
@ipsecNFAReferenceBacklink:
<GUID=871cf0d5-bbb3-4384-bddc-339028ad6452>;CN=ips
@wellKnownObjectsBacklink:
<GUID=08664bfd-b8ab-4778-8bfd-3452b0c94106>;<SID=S-
I didn't tested it completely but ldap tests in make tests are now ok.
It's in my repo here:
http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/pseudobacklinks
I also didn't cleaned everything but it should give an idea of the work
already !
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical
mailing list