IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
when in FL 2000 we were not correctly deleting backlinks as we uses
dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules
should use dsdb_module_dn_by_guid() which prevents going to the top
level, and finds deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This fixes a bug where we try to add an empty backlink because the
search for the forward link failed.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 31 13:37:36 CEST 2011 on sn-devel-104
This was already done in repl_meta_data, but it needs to be done here
as well to cope with Windows 2000 level links.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 2 02:03:58 CET 2011 on sn-devel-104
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
It is important to allow the rename, even if we just have one-way
links, as this happens on deleted objects, which have the backlinks
alredy removed by repl_meta_data.
Andrew Bartlett
The objectclass_attr module should prevent users creating such links,
and the mrepl_meta_data module should only create them in functional
level 2003 or above.
Andrew Bartlett
This revives the code from 5964acfa741d691c0196f91c0796122ec025f177,
before tridge and I simplified this too much, and removed the Windows
2000 functional level linked attribute support.
By telling the linked_attributes module that repl_meta_data has
handled the links, we avoid a conflict for the new style (functional
level 2003 and above) linked attributes. However, we still need
backlinks for 2000 style linked attributes, so this allows that code
in the linked_attributes module to be revived to handle those.
Andrew Bartlett
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
This uses the RELAX control and checking of single valued attributes
in ldb modules to avoid problems with multi-valued links where all
values but one are deleted
The linked_attributes module only has to deal with renames now, as
other linked attribute updates happen in repl_meta_data. This allows
it to be much simpler.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This one copes with deleted objects where linked attributes have been
set on the module. We hit this when we do the ldb wipe at the start of
a provision, which trigers linked attribute updates, but for objects
that have disappeared. We need to ensure that the linked attribute
updates only happen on the right object, and if the object gets
re-created (as happens with a provision) then it is not the right
object.
To cope with this we record the GUID of the object when the operation
that triggered the linked attribute update comes in, and then find the
DN by suing that GUID when we apply the change in the prepare commit
hook.
We need to call down to the next transaction function when we finish
in linked_attributes.
This also changes linked_attributes to use the common
dsdb_find_dn_by_guid() function
items are added to the linked attribute list using DLIST_ADD(), which
means to commit them to the database in the same order they came from
the server we need to walk the list backwards when we traverse it
linked attribute changes can come in any order. This means it is
possible for a forward link to come over the wire in DRS before the
target even exists. To make this work this patch changed the linked
attributes module to gather up all the changes it needs to make in a
linked list, then execute the changes in the end_transaction hook for
the module.
During that commit phase we also fix up all the DNs that we got by
searching for their GUID, as the objects may have moved after the
linked attribute was sent, but before the end of the transaction
This means that linked attributes will always have the same case form
as the actaul entry, as we search for that entry. We then also use
the GUID and SID found on that entry to fill in the extended DN on disk.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This causes the linked attribute modifies to occour after the original
operation is entered in the transaction (any failure still fails the
lot). This means (I hope) that we can have another module search the
originating record when the backlink is created, filling in the GUID
and SID for the extended DN.
Andrew Bartlett
The ldb_val is length-limited, and while normally NULL terminated,
this avoids the chance that this particular value might not be, as
well as avoiding a cast.
Andrew Bartlett
This bug occours frequenetly in ldb users because the union so happens
to be layed out that this works. However, it is still incorrect
usage...
Andrew Bartlett
