Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
W2K8 join as a DC relies on being able to ask for the sid component of
extended DNs from the rootDSE DNs
|
|
|
|
The previous commit changed the wrong end - we must fix our server,
not our client.
Andrew Bartlett
|
|
metze
|
|
metze
|
|
|
|
This shouldn't be specified on creation time (Windows Server doesn't allow that).
Hope this also fixes the test (see buildfarm).
|
|
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
|
|
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fixing the issue.
|
|
Windows Servers allow OID strings to be used instead of
attribute/class names.
For now we only resolve the OIDs in the search expressions,
the rest will follow.
metze
|
|
|
|
|
|
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS
which are duplicates of entries that we already have. We need to cope
with this by using a remove/add pair in the ldb_modify() to avoid a
"entry already exists" error
|
|
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
When a partition is first created it still needs a uSNHighest value
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
|
|
we were setting local_usn after the marshall, so it wasn't going into
the object
|
|
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
|
|
|
|
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.
Andrew Bartlett
|
|
On a rename we need to update uSNChanged, and the max uSN for the
partition
|
|
We could get a double free with multiple linked attributes in a
message
|
|
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
|
|
Michael
|
|
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
|
|
|
|
These are used to load/save the per-partition uSN values managed by
the repl_meta_data module
|
|
You can now attach a partition control to searches to search within a
specific partition. This is used to get at the per-partition
@REPLCHANGED object
|
|
This object tracks the highest uSN in each partition. It will be used
to allow us to efficiently detect changes in a partition for sending
DsReplicaSync messages to our replication partners.
|
|
metze
|
|
The partition module normally makes the sequence number extended op
operate across all partitions. It will be useful in the repl task to
be able to ask for the sequence number of one partition
|
|
These memory leaks were mostly caused by the fact that
refresh_partitions is now called periodically
|
|
we only need to allocate a new sequence number when
replPropertyMetaData is changing or being created on an object
|
|
I think these modules ended up LGPL because someone based the module
on an existing LGPL module in the core ldb, and it spread from
there. Certainly there is no reason for the ldb modules that are not
distributed as part of ldb to be LGPL.
|
|
When changing non-replicated attributes we should not update the
uSNChanged attribute on the record, otherwise the DRS server will
think this record needs replicating.
|
|
If we already have a repsFrom for a particular DC and naming context
then we should not overwrite it, as it contains info on what
replication we've already done
|
|
|
|
|
|
The KCC might have changed repsFrom, which is stored in the partitions
structure
|
|
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon
that works out who will replicate with who in a AD domain. This
implements an extremely simple KCC task that just wants to replicate
with everyone :-)
|
|
thanks to Metze for spotting this
|