summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/partition.c17
-rw-r--r--source4/dsdb/samdb/ldb_modules/subtree_rename.c18
-rwxr-xr-xtestprogs/ejs/ldap.js30
3 files changed, 38 insertions, 27 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 6f60b25a4b..5d3663be33 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -405,6 +405,7 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req)
/* rename */
static int partition_rename(struct ldb_module *module, struct ldb_request *req)
{
+ int i, matched = -1;
/* Find backend */
struct dsdb_control_current_partition *backend, *backend2;
@@ -434,6 +435,22 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
}
+ for (i=0; data && data->partitions && data->partitions[i]; i++) {
+ if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) {
+ matched = i;
+ }
+ }
+
+ if (matched > 0) {
+ ldb_asprintf_errstring(module->ldb,
+ "Cannot rename from %s to %s, subtree rename would cross partition %s: %s",
+ ldb_dn_get_linearized(req->op.rename.olddn),
+ ldb_dn_get_linearized(req->op.rename.newdn),
+ ldb_dn_get_linearized(data->partitions[matched]->dn),
+ ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS));
+ return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
+ }
+
return partition_replicate(module, req, req->op.rename.olddn);
}
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index 267892cf58..8f15f9ed05 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -157,7 +157,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
struct ldb_request *new_req;
struct subtree_rename_context *ac;
int ret;
- struct ldb_search_options_control *search_options;
if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
@@ -189,21 +188,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
return ret;
}
- /* We want to find any partitions under this entry. That way,
- * if we try and rename a whole partition, the partitions
- * module should cause us to fail the lot */
- search_options = talloc(ac, struct ldb_search_options_control);
- if (!search_options) {
- ldb_oom(ac->module->ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
-
- ret = ldb_request_add_control(new_req, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
ac->down_req = talloc_realloc(ac, ac->down_req,
struct ldb_request *, ac->num_requests + 1);
if (!ac->down_req) {
@@ -221,7 +205,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
static int subtree_rename_wait_none(struct ldb_handle *handle) {
struct subtree_rename_context *ac;
- int i, ret;
+ int i, ret = LDB_ERR_OPERATIONS_ERROR;
if (!handle || !handle->private_data) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js
index 83df3b1cec..4e6f5cb750 100755
--- a/testprogs/ejs/ldap.js
+++ b/testprogs/ejs/ldap.js
@@ -240,7 +240,7 @@ cn: LDAPtestUSER4
assert(ok.error == 0);
}
- println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container");
+ println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))");
var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))");
if (res.error != 0 || res.msgs.length != 1) {
println("Could not find (&(cn=ldaptestuser4)(objectClass=user))");
@@ -248,7 +248,17 @@ cn: LDAPtestUSER4
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn);
+ assert(res.msgs[0].dn == ("cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn));
+
+ println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container");
+ var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))", "cn=ldaptestcontainer2," + base_dn, ldb.SCOPE_SUBTREE);
+ if (res.error != 0 || res.msgs.length != 1) {
+ println("Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn);
+ assert(res.error == 0);
+ assert(res.msgs.length == 1);
+ }
+
+ assert(res.msgs[0].dn == ("cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn));
println("Testing delete of subtree renamed "+res.msgs[0].dn);
ok = ldb.del(res.msgs[0].dn);
@@ -311,7 +321,7 @@ objectClass: user
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptestuser,cn=users," + base_dn);
+ assert(res.msgs[0].dn == ("cn=ldaptestuser,cn=users," + base_dn));
assert(res.msgs[0].cn == "ldaptestuser");
assert(res.msgs[0].name == "ldaptestuser");
assert(res.msgs[0].objectClass[0] == "top");
@@ -320,7 +330,7 @@ objectClass: user
assert(res.msgs[0].objectClass[3] == "user");
assert(res.msgs[0].objectGUID != undefined);
assert(res.msgs[0].whenCreated != undefined);
- assert(res.msgs[0].objectCategory == "cn=Person,cn=Schema,cn=Configuration," + base_dn);
+ assert(res.msgs[0].objectCategory == ("CN=Person,CN=Schema,CN=Configuration," + base_dn));
assert(res.msgs[0].sAMAccountType == 805306368);
// assert(res[0].userAccountControl == 546);
@@ -386,7 +396,7 @@ objectClass: user
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptestcomputer,cn=computers," + base_dn);
+ assert(res.msgs[0].dn == ("cn=ldaptestcomputer,cn=computers," + base_dn));
assert(res.msgs[0].cn == "ldaptestcomputer");
assert(res.msgs[0].name == "ldaptestcomputer");
assert(res.msgs[0].objectClass[0] == "top");
@@ -396,7 +406,7 @@ objectClass: user
assert(res.msgs[0].objectClass[4] == "computer");
assert(res.msgs[0].objectGUID != undefined);
assert(res.msgs[0].whenCreated != undefined);
- assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
+ assert(res.msgs[0].objectCategory == ("CN=Computer,CN=Schema,CN=Configuration," + base_dn));
assert(res.msgs[0].primaryGroupID == 513);
// assert(res.msgs[0].sAMAccountType == 805306368);
// assert(res.msgs[0].userAccountControl == 546);
@@ -489,7 +499,7 @@ objectClass: user
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptest2computer,cn=computers," + base_dn);
+ assert(res.msgs[0].dn == ("cn=ldaptest2computer,cn=computers," + base_dn));
assert(res.msgs[0].cn == "ldaptest2computer");
assert(res.msgs[0].name == "ldaptest2computer");
assert(res.msgs[0].objectClass[0] == "top");
@@ -513,7 +523,7 @@ objectClass: user
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptestuser2,cn=users," + base_dn);
+ assert(res.msgs[0].dn == ("cn=ldaptestuser2,cn=users," + base_dn));
assert(res.msgs[0].cn == "ldaptestuser2");
assert(res.msgs[0].name == "ldaptestuser2");
assert(res.msgs[0].objectClass[0] == "top");
@@ -540,7 +550,7 @@ objectClass: user
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == "cn=ldaptestutf8user èùéìòà,cn=users," + base_dn);
+// assert(res.msgs[0].dn == ("CN=ldaptestutf8user èùéìòà,CN=users," + base_dn));
assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà");
assert(res.msgs[0].name == "ldaptestutf8user èùéìòà");
assert(res.msgs[0].objectClass[0] == "top");
@@ -562,7 +572,7 @@ objectClass: user
if (res.error != 0 || res.msgs.length != 1) {
println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
} else {
- assert(res.msgs[0].dn == "cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn);
+// assert(res.msgs[0].dn == ("cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn));
assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà");
}