summaryrefslogtreecommitdiff
path: root/source4/dsdb/repl/replicated_objects.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-29s4-repl: Use ldb_dn_new() to create the rootDSE DNAndrew Bartlett1-1/+5
Based on a patch proposal by Matthieu Patou <mat@matws.net>. Andrew Bartlett
2012-07-29s4-repl: Use NULL for pointer test when checking for ldb_msg_new() failureAndrew Bartlett1-1/+1
2012-07-18s4-dsdb: Ensure we never write read-only objects onto a read-write replicaAndrew Bartlett1-1/+8
We should prevent this much further up the stack, but at least add a choke at this point for now. Additionally, this avoids administrator-forced replications causing considerable damange to the directory. Andrew Bartlett
2012-07-06s4-dsdb: Use parent_object_guid to find the correct parent for new objectsAndrew Bartlett1-0/+11
This allows the parent to be renmaed while a new object is added on another replica. This rename may also be a delete, in which case we must move it to lostandfound. Andrew Bartlett
2012-06-22s4-drs: if schema has changed during replication notify other process that ↵Matthieu Patou1-0/+55
they have to reload the schema
2011-10-04s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICAAndrew Tridgell1-60/+3
this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-repl: support creation of new NCs via DsAddEntryAndrew Tridgell1-0/+84
this adds a flag to dsdb_origin_objects_commit that tells it to create a new NC based on the nCName in a crossRef object
2011-10-04s4-repl: update instanceType in partial_replica replicationAndrew Tridgell1-0/+20
when we receive objects to a partial replica, we need to change the incoming instanceType to not include the INSTANCE_TYPE_WRITE flag. Partial replicas unset this flag.
2011-08-09s4-dsdb clarify that failure to load the schema items from DRS is expectedAndrew Bartlett1-3/+3
This happens if we have a custom schema - we need to build up the schema until it loads, by converting more objects. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
2011-03-01s4-repl/working_schema: Ignore some attributes when bulding working schema cacheKamen Mazdrashki1-0/+9
We don't need all object attributes resolved and converted for a working schema to be functional.
2011-03-01s4-replicated_objects: Implement a mechanism to relax some attributes conversionKamen Mazdrashki1-4/+31
during replicated object convert stage. The problem is that we may have loops in schema graph and we can't resolve those loops in just one pass. Ignoring some attributes conversion will allow us to have a functional schema cache that we can use later to resolve all attribute OIDs on another pass
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-1/+1
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-18s4-drepl: During Schema replication, we need to save updated prefixMap if ↵Kamen Mazdrashki1-0/+18
everything is OK Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
2010-12-18s4-drepl: Make refreshed schema a global oneKamen Mazdrashki1-0/+7
We need to do this as dsdb_reference_schema() function clears "use_global_schema" ldb flag. Basically what is going to happen is that after dsdb_reference_schema() global_schema pointer will continue to point at old schema cache, while "dsdb_schema" for LDB will point at the working_schema. After replication is done, we reset "dsdb_schema" for the ldb with an updated Schema cache, but this leaves global_schema pointer with its old value, which is not up to date. So we need to call dsdb_make_schema_global() again so that global_schema points to a valid Schema cache.
2010-12-17s4-drepl: Reference current Schema cache into working_schema contextKamen Mazdrashki1-1/+1
working_schema is a shallow copy of current schema and thus depends on part of it. So we want it to be around as long as working_schema is used. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
2010-12-15s4-repl: Allow dsdb_replicated_objects_commit() to use different schema ↵Kamen Mazdrashki1-0/+55
while committing objects working_schema is to be used while committing a Schema replica. When we replicate Schema, then we most probably won't be able to convert all replicated objects using the current Schema cache (as we don't know anything about those new objects). Thus, during Schema replication, we make a temporary working_schema that contains both our current Schema + all objects we get on the wire. When we commit those new objects, we should use our working_schema (by setting it to the ldb), and after all changes are commited, we can refresh the schema cache so we have a brand new, full-featured Schema cache
2010-12-01s4:dsdb/repl/replicated_objects.c - proof if "talloc_reference" doesn't ↵Matthias Dieter Wallnöfer1-1/+2
return NULL Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Dec 1 17:14:01 CET 2010 on sn-devel-104
2010-12-01s4-dsdb/schema: Implement multi-pass working schema creation functionKamen Mazdrashki1-0/+132
It is heavily based on implementation in libnet_vampire_cb_apply_schema() function, except that it actually creates a new copy of the supplied initial_schema + resolving all incoming objects and add them to supplied initial_schema. We are going to need this 'working_schema' later so we are able to fully resolve all objects we receive on wire during DRS replication. Working schema created is to be used only as an index to search in. It is not supposed to be set to an ldb_context as it doesn't contain all information for classSchema and attributeSchema objects.
2010-12-01s4-repl: Let dsdb_replicated_objects_convert() to accept schema from callerKamen Mazdrashki1-7/+6
This allows us to use schema that is different than the one set to 'ldb' to decode objects.
2010-11-11s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functionsKamen Mazdrashki1-3/+19
2010-11-11s4-repl: dsdb_extended_replicated_objects_convert -> ↵Kamen Mazdrashki1-12/+12
dsdb_replicated_objects_convert/ It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_extended_replicated_objects_commit -> ↵Kamen Mazdrashki1-3/+3
dsdb_replicated_objects_commit It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_convert_object -> dsdb_origin_object_convertKamen Mazdrashki1-7/+7
It is used in dsdb_origin_objects_commit() func, hence the dsdb_origin_ prefix
2010-10-31idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID valuesKamen Mazdrashki1-1/+1
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-10s4-dsdb-repl: Print what the error code for failure isKamen Mazdrashki1-1/+3
2010-09-18s4-drs: Check for schema changes only in case we are *not* applying Schema ↵Kamen Mazdrashki1-8/+19
replica This fixes the problem when we fail to replicate with a partner DC that has a newer Schema with attributeSchema objects with OIDs that we don't have in our local prefixMap.
2010-06-12s4:dsdb Allow calling dsdb_convert_object_ex() directlyAndrew Bartlett1-6/+6
This will allow the libnet_vampire code to manually convert individual schema objects. Andrew Bartlett
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett1-11/+19
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-03-05s4:repl - change also here the counter variables to "unsigned"Matthias Dieter Wallnöfer1-2/+2
I changed also some "uint32_t" to "unsigned" since the LDB interface doesn't specify the bitlength of the unsigned type.
2010-01-14s4-drs: Store uSNUrgent for Urgent ReplicationFernando J V da Silva1-2/+2
When a object or attribute is created/updated/deleted, according to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED for the partitions that it belongs. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"Kamen Mazdrashki1-17/+0
This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c. Next patch should fix the "not recognized ATTIDs" problem Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-repl: give a reason why the prepare commit failedAndrew Tridgell1-1/+2
2009-12-10s4-dsdb: use GUID_to_ndr_blob()Andrew Tridgell1-7/+2
2009-11-28s4-drs: cope with bogus empty attributes from w2k8-r2Andrew Tridgell1-0/+17
w2k8-r2 sometimes sends empty attributes with completely bogus attrid values in a DRS replication response. This allows us to continue with the vampire operation despite these broken elements.
2009-11-16Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-4/+1
"lDAPDisplayName" generator" This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4. abartlet pointed out in a post on the samba-technical list that this isn't necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks functionality of the replication.
2009-11-15s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-1/+4
"lDAPDisplayName" generator Also here we've to be sure to generate the attribute correctly if it doesn't exist yet.
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett1-34/+29
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-06s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by ↵Kamen Mazdrashki1-1/+1
dsdb_schema_pfm_contains_drsuapi_pfm() dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented prefixMap interface. This name was choosen to clearly show, that this a week verification in case we want to determine if remote schema is changed. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-10-07s4-drs: fixed a memory error introduced yesterdayAndrew Tridgell1-1/+1
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
2009-10-06s4-repl: added RELAX control and fix transactionsAndrew Tridgell1-8/+57
Added the RELAX control to dsdb_origin_objects_commit(), as it needs to modify system objects. This patch also fixes the use of ldb transactions in that function, and fixes a memory leak.
2009-09-22s4-ldb: added a bunch more debug for DC joinAndrew Tridgell1-0/+4
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-15s4-repl: don't do double replicationAndrew Tridgell1-1/+34
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5
2009-09-11s4-repl: don't add the RDN if it is already thereAndrew Tridgell1-3/+19
2009-09-11s4-drs: add the magic DRS SPNs on AddEntryAndrew Tridgell1-23/+2
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the servers machine account.
2009-09-10s4/repl: give a useful error message if we can't decode an objectAndrew Tridgell1-1/+4
2009-09-08s4:drsuapi: add an incomplete DsAddEntry implementationStefan Metzmacher1-8/+157
metze
2009-09-03add the the linked attributes elements to the repl structureAndrew Tridgell1-0/+5
This exposes the linked_attributes to the repl_meta_data module
2009-09-02Wrap DRS changes in a transactionAndrew Tridgell1-0/+18
We should always apply a whole set of DRS changes or none of them. See [MS-DRSR] 3.3.2
2009-07-02decrypt all objects in a DRS record, not just the first oneAndrew Tridgell1-2/+5
We found this as an object came across from w2k3 with zero values, which caused a segv when we tried to decrypt the first value