Pseudobacklinks in samba4

Andrew Bartlett abartlet at samba.org
Sun May 22 23:13:54 MDT 2011 

On Mon, 2011-05-23 at 00:05 +0400, Matthieu Patou wrote:
> Hello,
> 
> I just pushed in my repo at 
> http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/pseudobacklinks.
> 
> Pseudo backlinks are a way to do fake linked attributes on attribute 
> with a DN like syntax but that are not linked attribute.
> 
> The main interest of this is that if the DN pointed by this attribute 
> change then thanks to the pseudobacklink we will be able to change the 
> value in the attribute as well.
> 
> This can be very useful when removing a DC or when changing the site of 
> a DC and surely in other case that we don't envision yet.
> 
> I tried to be very cautious on this patches (as usual) but a small 
> review wouldn't hurt I think !

s4-dsdb: do not allow search on @ attributes and don't return them
http://git.samba.org/?p=mat/samba.git;a=commitdiff;h=23bf142dfde77429180f6cbd193b6faa2cbb05ec

This is O(n^3) and not safe, as far as I can see it.  

If you used ldb_msg_remove_element() you could make it only O(n^2) and
potentially safe (knowing to repeat the index each time you remove it,
due to the internal memmove()).

We do need to move to a 'mark as deleted' scheme here, as this is one of
our nastiest little traps in the ldb API, but for now you have to work
around it. 

s4-dsdb: Add a warning about dsdb_module_rename that locks if olddn ==
newdn
http://git.samba.org/?p=mat/samba.git;a=commitdiff;h=933d74e64e9836e8597bcfa531d5347bec726182

Is this bug new, or exposed by your tests, or?  We should not use FIXME
as a bug tracking system, but actually fix the code if at all possible,
otherwise error out early. 

s4-dsdb: In rootdse module, catch rename on any DN that has an impact on
our NTDS Setting dn
http://git.samba.org/?p=mat/samba.git;a=commitdiff;h=e78335ce0184b5fdd6f313a6b95b00f242fab83f

We should more dynamically determine this, I think, perhaps based on a
stored GUID (which should not change).  We have gradually moved from
having static strings in @ROOTDSE to dynamic lookup, and this is just
another step in that direction. 

(this also applies to all the other changes that modify @ROOTDSE). 

Let me know if you need any more clarification on these comments, and
thanks for all your hard work on this, we had left this important detail
to one side for too long. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list