Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
w2k8-r2 sometimes sends empty attributes with completely bogus attrid
values in a DRS replication response. This allows us to continue with
the vampire operation despite these broken elements.
|
|
"lDAPDisplayName" generator"
This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.
abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.
|
|
"lDAPDisplayName" generator
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
|
|
This will allow us in future to do tests on the LDB values we generate
from the DRS replication.
Andrew Bartlett
|
|
dsdb_schema_pfm_contains_drsuapi_pfm()
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.
This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
|
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
|
|
Added the RELAX control to dsdb_origin_objects_commit(), as it needs
to modify system objects. This patch also fixes the use of ldb
transactions in that function, and fixes a memory leak.
|
|
These additional debug messages were added to help us track down
w2k8->s4 domain join
|
|
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
|
|
|
|
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
|
|
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
|
|
These memory leaks were mostly caused by the fact that
refresh_partitions is now called periodically
|
|
The KCC might have changed repsFrom, which is stored in the partitions
structure
|
|
|
|
When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.
|
|
|
|
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.
This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
|
|
I've found that w2k3 deletes the repsTo records we carefully created
in the vampire join if we don't refresh them frequently. After about
30mins all 3 repsTo records are gone.
This patch adds automatic refresh of the repsTo by calling
DSReplicaUpdateRefs every time we do a sync cycle with the server
|
|
metze
|
|
This exposes the linked_attributes to the repl_meta_data module
|
|
|
|
We should always apply a whole set of DRS changes or none of them. See
[MS-DRSR] 3.3.2
|
|
|
|
We found this as an object came across from w2k3 with zero values,
which caused a segv when we tried to decrypt the first value
|
|
This file (contining metze's decryption routines) is now also be used by
Samba3's DRSUAPI implementation
Andrew Bartlett
|
|
metze
|
|
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
Until the extended DN work was compleated, there was no way to store
the additional metadata.
Andrew Bartlett
|
|
Guenther
|
|
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
metze
(This used to be commit 4b054cee51c39c5430bcadd5c06a94dc3e6b0d8f)
|
|
metze
(This used to be commit 7dee6fb62d5adbd2eaaaf4d8ba9e87a72ef9f94b)
|
|
To make it work against w2k8.
Michael
(This used to be commit a8aea9274170a2b472c45c97a4904bd299d2a92e)
|
|
Michael
(This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)
|
|
metze
(This used to be commit 35c7fa470a7433d081403b2b57a331c7dc287aef)
|
|
metze
(This used to be commit 511847f5f5015bcdef69e80b91cb08ffb1690e59)
|
|
metze
(This used to be commit 4e0708148a121bd41a12abf6122d5d6f3f09667a)
|
|
metze
(This used to be commit d41b3dd6ffc4fd894bc05798dbc2ff4b53933a06)
|