Age | Commit message (Collapse) | Author | Files | Lines |
|
this is required when talking to RODCs (for notify calls), and is good
practice for all DCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
|
|
this ensures we always mark ourselves as writeable when we are not
an RODC
|
|
this avoids a list walk in the calling code
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
we find the NC root then load the uptodateness vector and highwater
mark, if available, from there
|
|
This functionality is needed for DsCrackNames ListRoles command also.
|
|
Test suite for fsmo is extended with a test case for naming master too.
|
|
replica
This fixes the problem when we fail to replicate with
a partner DC that has a newer Schema with attributeSchema
objects with OIDs that we don't have in our local prefixMap.
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a RODC we must supply a partial attribute set in the
getncchanges call
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the repl_secret code needs to set it to avoid too many duplicate
attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
initiate a repl secret extended op when requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
|
|
this is needed to get the repsFrom DNS entry right
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is not part of the rid allocation logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Multiple calls are allowed to run in parallel as long as they don't
conflict.
This also cleans up the variable names in the extended op calls.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa
Conflicts:
source4/dsdb/repl/drepl_ridalloc.c
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
|
|
|
|
|
|
In most cases this will transfer of schema master role to
look like a synchronous operation.
|
|
the IRPC API has changed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
It schedules a getncchanges with extended op 6, to be used when a modify request on
becomeROLEMaster atteibute on rootDSE is received.
|
|
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to
become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute
in its database with the new owner, and replicates the change to the candidate, who then becomes the
owner.
The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who
kindly helped to debug it.
|
|
structures can be used for other extended ops
|
|
run the operation
Operation was scheduled already, so we need to call
the callback function for it to be able to do its job.
For instance, if we are blocking an rpc call until an
operation is completed and there is no memory, then
client will be blocked without knowing what is going on
with the server.
|
|
|
|
and remove few trailing white spaces
|
|
There are many spots where this function may fail
and I find it very useful to know where exactly function
fails and what are the input parameters during testing.
REPLICA_SYNC_FAIL() macro now dumps an error message
so we may remove extra DEBUG() dump in implementation.
|
|
|
|
Sorry for the 'custom' definition first time
|
|
see: MS-DRSR - 4.1.23.2
Note: Synchronious replication not implemented yet.
|
|
|
|
|
|
It is to be used when we need to preserve a state
to be used in tha callback when dreplsrv_out_operation is completed
|
|
internal cache
This IRPC calls is to be used whenever repsFrom/repsTo are
changed by administrative tool or KCC (i.e. Topology changes).
At present, only KCC may change topology.
|
|
replications
|
|
we mark these as incoming_only
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It's useless to get messages like this every few seconds:
dreplsrv_notify: Failed to send DsReplicaSync to
edbf4745-2966-49a7-8653-99200f1c9430._msdcs.samba2003.example.com for
CN=Configuration,DC=samba2003,DC=example,DC=com -
NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
We have a non bug regarding non-linked DN attributes
and changes of the target DN.
metze
|
|
ridalloc client)
metze
|
|
doesn't return success
metze
|