Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The loadparm context on the schema DB might have gone away already.
Pre-cache the schema refresh interval at load time to avoid worrying
about this.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
A NULL string/expression returns the generic "(objectClass=*)" filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
In that log, over 2.5 days this particular allocation was repeated:
1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104
|
|
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and
to be more careful about what schema is set (only setting a global schema if
the original schema was global).
In particular, the new working_schema is not given a talloc reference
to the old schema. This ensures that the old schema can go away when
no longer used.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
|
|
These sequence numbers were only used for telling if the schema was
changed, and are no longer directly related to the replication USN.
The per-partition replication USN can be obtained from the
@REPLCHANGED record on the per-partition database, and this is done
with an ldb_search().
Andrew Bartlett
|
|
This way we do not track both the partition seq number and the
replication USN for schema reload purposes.
We only need one indication of actual data change, and the replication
per-partition sequence number is no more expensive to obtain than the
ldb per-partition sequence number.
Andrew Bartlett
|
|
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
|
|
In all callers, we must already have a attributeID for each of the
values or else we would have already given an error, or could not have
obtained the message over DRS.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104
|
|
This ensures that we do not add objects that should go into a partition, but we
simply return that an object is not present if the connection was created
before the partition was loaded. It is rare to create a new partition.
Andrew Bartlett
|
|
This matches the rest of the function.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 06:26:36 CEST 2012 on sn-devel-104
|
|
partition_primary_sequence_number
We always want LDB_SEQ_HIGHEST_SEQ here.
Andrew Bartlett
|
|
This simple operation does not need to be encased in generic ldb extended operations.
Andrew Bartlett
|
|
We do not need to reload the partition list to get the global sequence
number, as that number is stored in the metadata.tdb, not the ldb files.
Andrew Bartlett
|
|
This allows a lastKnownParent from LostAndFound to be replaced.
Andrew Bartlett
|
|
When we call ldb_module_done() rather than just calling the callback, we make log entries
that are critical in debugging.
Andrew Bartlett
|
|
Previously we would only consider renaming the local object, now we can cope with
renaming the remote object as well.
This should avoid most of the cases where Samba AD replication can just stop.
Andrew Bartlett
|
|
parent
This fixes up the lastKnownParent attribute on lostAndFound objects to have a GUID
(found by dbcheck).
Andrew Bartlett
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
|
|
|
|
add debugging
The logic looking for LostAndFound failed for a user, so add extensive
debugging to make this eaiser to trace down in future.
Andrew Bartlett
|
|
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.
Andrew Bartlett
|
|
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.
Andrew Bartlett
|
|
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
|
|
|
|
|
|
This allows the parent to be renmaed while a new object is added on another replica.
This rename may also be a delete, in which case we must move it to lostandfound.
Andrew Bartlett
|
|
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.
Andrew Bartlett
|
|
|
|
modifyTimeStamp is a generated attribute, for most object it's generated
directly from the whenChanged attribute. But for the CN=aggregate object
in the schema we have to handle it in a different way, that's because
for this object whenChanged!=modifyTimeStamp (as checked against Windows
2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the
most recently modified and loaded schema object (that is to the one with
the highest USN before the schema was reload due to timeout or by the
reloadSchemaNow command).
Some third party are using this information to know if they have to
update their schema cache and also to check that schema updates have
been correctly reloaded by the DC, a good example of this behavior is
exchange 2010.
|
|
If the value has changed then reload the schema, this means that now the
schema is only reloaded on a periodical basis or if we have been asked
explicitly to do it and not necesserly if the schema partition has
changed.
|
|
The idea is to signal to other process accessing the database that the
schema was forced to be reloaded and so they should reload as well.
|
|
|
|
|
|
|
|
|
|
we are a GC
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
|
|
|
|
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
|
|
Samba 4 use to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ time per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
or 120). The timestamp of the last reloaded schema is kept in the
dsdb_schema object. There is also a timestamp in the ldb_context, that
is used by the LDAP server to know if it has to reload the schema after
handling the request. This is used to allow that the schema will be
immediately reload after a schemaUpdateNow request has been issued, the
reload can't occur in the handling of the LDAP request itself because
we have a transaction autostarted.
|
|
|
|
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
To remove finddcs_nbt these missing deps need to be added. These
subsystems linked to to implicit dependencies provided by finddcs.
Due to the new arrangmenet of subsystems, MESSAGING needs to be a
private library to avoid being a source of duplicate symbols.
Andrew Bartlett
|
|
Thanks to Matthieu Patou <mat@matws.net> for pointing it out.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
control is presented
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
|