summaryrefslogtreecommitdiff
path: root/source4/dsdb/repl
AgeCommit message (Collapse)AuthorFilesLines
2010-01-09s4-drs: add a local UDV entry even when no replUpToDateVector present on NCAndrew Tridgell1-3/+3
This allows us to filter correctly for a NC that we have created but not pulled from anyone.
2010-01-09s4-drs: give DN of failed replication partitionAndrew Tridgell1-4/+5
2010-01-09s4-drs: calculate and send a uptodateness_vector with replication requestsAndrew Tridgell2-7/+82
This stops us getting objects changes twice if they came via an indirect path.
2010-01-08s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_reqStefan Metzmacher3-158/+199
metze Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-08s4-repl: implement MSG_DREPL_ALLOCATE_RIDAndrew Tridgell2-19/+48
When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID Manager to ask for another RID pool. We use a callback on completion of the operation to make sure that we don't have two RID allocation requests in flight at once Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-repl: allow for callbacks when a repl operation completesAndrew Tridgell3-4/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-repl: added request for RID allocation in drepl taskAndrew Tridgell6-12/+274
The drepl task now checks to see if our rIDAllocationPool is exhausted, and if it is then we queue a extended operation DsGetNCChanges call to ask the RID Manager to give us a new allocation pool. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-04s4:dsdb/repl: convert dreplsrv_out_drsuapi_send/recv to tevent_reqStefan Metzmacher2-99/+127
metze
2009-12-21Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"Kamen Mazdrashki1-17/+0
This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c. Next patch should fix the "not recognized ATTIDs" problem Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-repl: give a reason why the prepare commit failedAndrew Tridgell1-1/+2
2009-12-21s4-repl: only try to replicate for NCs that we are a master forAndrew Tridgell1-4/+3
2009-12-21s4-repl: lower debug level of a common messageAndrew Tridgell1-1/+1
2009-12-10s4-dsdb: use GUID_to_ndr_blob()Andrew Tridgell1-7/+2
2009-11-28s4-drs: cope with bogus empty attributes from w2k8-r2Andrew Tridgell1-0/+17
w2k8-r2 sometimes sends empty attributes with completely bogus attrid values in a DRS replication response. This allows us to continue with the vampire operation despite these broken elements.
2009-11-16Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-4/+1
"lDAPDisplayName" generator" This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4. abartlet pointed out in a post on the samba-technical list that this isn't necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks functionality of the replication.
2009-11-15s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-1/+4
"lDAPDisplayName" generator Also here we've to be sure to generate the attribute correctly if it doesn't exist yet.
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett2-44/+49
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-06s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by ↵Kamen Mazdrashki1-1/+1
dsdb_schema_pfm_contains_drsuapi_pfm() dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented prefixMap interface. This name was choosen to clearly show, that this a week verification in case we want to determine if remote schema is changed. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-10-25s4-samdb: reduce the number of samdb opens at startupAndrew Tridgell1-6/+3
Using common parameters means that the ldb_wrap code can return a reference rather than a new database
2009-10-15s4-dsdb: added samdb_rodc() and samdb_ntds_options()Andrew Tridgell1-1/+1
Later we will need to make samdb_rodc() look in the database, but for now we should at least have the function in a central place
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-2/+1
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-07s4-drs: fixed a memory error introduced yesterdayAndrew Tridgell1-1/+1
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
2009-10-06s4-repl: added RELAX control and fix transactionsAndrew Tridgell1-8/+57
Added the RELAX control to dsdb_origin_objects_commit(), as it needs to modify system objects. This patch also fixes the use of ldb transactions in that function, and fixes a memory leak.
2009-09-22s4-ldb: added a bunch more debug for DC joinAndrew Tridgell1-0/+4
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-19s4:dsdb Print the partition we failed to suggest replication forAndrew Bartlett1-1/+2
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell3-10/+12
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-09-16s4-repl: raise a debug levelAndrew Tridgell1-1/+1
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell1-5/+3
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-repl: don't do double replicationAndrew Tridgell2-2/+36
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5
2009-09-14s4-repl: fall back to repsFrom if repsTo not setAndrew Tridgell1-2/+4
Windows does not seem to be always setting up repsTo using DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo is empty. This is almost certainly incorrect, but it does get notification based replication working with both w2k3 and w2k8.
2009-09-13s4-repl: added a preiodic notification check to the repl taskAndrew Tridgell6-3/+478
The dreplsrv_notify code checks the partition uSN values every N seconds, and if one has changed then it sends a DsReplicaSync to all the replication partners listed in the repsTo attribute for the partition.
2009-09-12s4-repl: fixed memory leaksAndrew Tridgell3-12/+31
These memory leaks were mostly caused by the fact that refresh_partitions is now called periodically
2009-09-11s4-repl: refresh the partitions on each cycleAndrew Tridgell2-3/+4
The KCC might have changed repsFrom, which is stored in the partitions structure
2009-09-11s4-repl: don't add the RDN if it is already thereAndrew Tridgell1-3/+19
2009-09-11s4-drs: add the magic DRS SPNs on AddEntryAndrew Tridgell1-23/+2
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the servers machine account.
2009-09-10s4/repl: give a useful error message if we can't decode an objectAndrew Tridgell1-1/+4
2009-09-09s4/repl: implement DsReplicaSyncAndrew Tridgell2-0/+42
This patch implements DsReplicaSync by passing the call via irpc to the repl server task. The repl server then triggers an immediate replication of the specified partition. This means we no longer need to set a small value for dreplsrv:periodic_interval to force frequent DRS replication. We can now wait for the DC to send us a ReplicaSync msg for any partition that changes, and we immediately sync that partition.
2009-09-09s4/repl: added refresh of repsToAndrew Tridgell1-1/+87
I've found that w2k3 deletes the repsTo records we carefully created in the vampire join if we don't refresh them frequently. After about 30mins all 3 repsTo records are gone. This patch adds automatic refresh of the repsTo by calling DSReplicaUpdateRefs every time we do a sync cycle with the server
2009-09-08s4:drsuapi: add an incomplete DsAddEntry implementationStefan Metzmacher1-8/+157
metze
2009-09-03add the the linked attributes elements to the repl structureAndrew Tridgell1-0/+5
This exposes the linked_attributes to the repl_meta_data module
2009-09-03tell the server that we support linked attribute replicationAndrew Tridgell1-6/+1
2009-09-02Wrap DRS changes in a transactionAndrew Tridgell1-0/+18
We should always apply a whole set of DRS changes or none of them. See [MS-DRSR] 3.3.2
2009-07-31s4: Correct renamed constantsMatthias Dieter Wallnöfer1-2/+2
2009-07-02decrypt all objects in a DRS record, not just the first oneAndrew Tridgell1-2/+5
We found this as an object came across from w2k3 with zero values, which caused a segv when we tried to decrypt the first value
2009-04-14Move DRSUAPI per-attribute decryption into a common fileAndrew Bartlett1-158/+2
This file (contining metze's decryption routines) is now also be used by Samba3's DRSUAPI implementation Andrew Bartlett
2009-02-02s4:service_task: s/private/private_dataStefan Metzmacher1-1/+1
metze
2009-01-30Fix the mess with ldb includes.Simo Sorce1-1/+1
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher2-3/+3
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-20Now store the GUID and SID from a DN over DRSUAPI into ldb.Andrew Bartlett1-1/+1
Until the extended DN work was compleated, there was no way to store the additional metadata. Andrew Bartlett