path: root/source4/dsdb
Age | Commit message | Author | Files | Lines
2009-09-15 | s4-repl: take advantage of async RPC forwarding | Andrew Tridgell | 1 | -5/+3
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15 | s4-repl: don't do double replication | Andrew Tridgell | 2 | -2/+36
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-15 | s4-dsdb: use DLIST_ADD() not DLIST_ADD_END() | Andrew Tridgell | 2 | -4/+4
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2)). These lists are not ordered, so using DLIST_ADD() is much better.
2009-09-15 | s4-repl: add a debug to make it easier to monitor replication | Andrew Tridgell | 1 | -0/+5
2009-09-15 | s4:schema Add code to provide an index into the subClass tree | Andrew Bartlett | 2 | -1/+27
In time, this should avoid the astounding (order) complexity of the objectclass sorting in objectclass.c eventually. Andrew Bartlett
2009-09-14 | s4-repl: handle rename in repl_meta_data | Andrew Tridgell | 1 | -0/+97
On a rename we need to update uSNChanged, and the max uSN for the partition
2009-09-14 | s4-repl: fixed a memory error handling linked attributes | Andrew Tridgell | 1 | -10/+10
We could get a double free with multiple linked attributes in a message
2009-09-14 | s4-repl: fall back to repsFrom if repsTo not set | Andrew Tridgell | 1 | -2/+4
Windows does not seem to be always setting up repsTo using DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo is empty. This is almost certainly incorrect, but it does get notification based replication working with both w2k3 and w2k8.
2009-09-14 | dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least) | Michael Adam | 1 | -1/+0
Michael
2009-09-13 | s4-repl: added a periodic notification check to the repl task | Andrew Tridgell | 7 | -4/+480
The dreplsrv_notify code checks the partition uSN values every N seconds, and if one has changed then it sends a DsReplicaSync to all the replication partners listed in the repsTo attribute for the partition.
2009-09-13 | s4-repl: use the new dsdb partition uSN helper fns | Andrew Tridgell | 1 | -78/+16
2009-09-13 | s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usn | Andrew Tridgell | 1 | -0/+146
These are used to load/save the per-partition uSN values managed by the repl_meta_data module
2009-09-13 | s4-sam: allow a search to specify a partition | Andrew Tridgell | 1 | -2/+17
You can now attach a partition control to searches to search within a specific partition. This is used to get at the per-partition @REPLCHANGED object
2009-09-13 | s4-repl: keep a @REPLCHANGED object on each partition | Andrew Tridgell | 1 | -24/+310
This object tracks the highest uSN in each partition. It will be used to allow us to efficiently detect changes in a partition for sending DsReplicaSync messages to our replication partners.
2009-09-12 | s4:repl_meta_data: increment the attribute version with each change | Stefan Metzmacher | 1 | -1/+2
metze
2009-09-12 | s4-samdb: make it possible to ask for the sequence number of a partition | Andrew Tridgell | 1 | -0/+9
The partition module normally makes the sequence number extended op operate across all partitions. It will be useful in the repl task to be able to ask for the sequence number of one partition
2009-09-12 | s4-repl: fixed memory leaks | Andrew Tridgell | 3 | -12/+31
These memory leaks were mostly caused by the fact that refresh_partitions is now called periodically
2009-09-12 | s4-repl: don't be too eager to allocate new sequence numbers | Andrew Tridgell | 1 | -7/+9
we only need to allocate a new sequence number when replPropertyMetaData is changing or being created on an object
2009-09-12 | s4-samdb: internal s4 ldb modules should be GPL not LGPL | Andrew Tridgell | 8 | -95/+63
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-09-12 | s4-repl: we should only update uSNChanged when replication data changes | Andrew Tridgell | 1 | -29/+39
When changing non-replicated attributes we should not update the uSNChanged attribute on the record, otherwise the DRS server will think this record needs replicating.
2009-09-12 | s4-kcc: we should only add to the repsFrom if it doesn't already exist | Andrew Tridgell | 2 | -45/+182
If we already have a repsFrom for a particular DC and naming context then we should not overwrite it, as it contains info on what replication we've already done
2009-09-12 | repl_meta_data: Fix include path when building with standalone ldb. | Jelmer Vernooij | 1 | -1/+1
2009-09-11 | s4-vampire: cope with no invocationID when vampiring the schema | Andrew Tridgell | 1 | -3/+4
2009-09-11 | s4-repl: refresh the partitions on each cycle | Andrew Tridgell | 2 | -3/+4
The KCC might have changed repsFrom, which is stored in the partitions structure
2009-09-11 | s4-kcc: add a very simple KCC | Andrew Tridgell | 4 | -0/+533
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon that works out who will replicate with who in an AD domain. This implements an extremely simple KCC task that just wants to replicate with everyone :-)
2009-09-11 | s4-repl: don't update replPropertyMetaData for non-replicated attributes | Andrew Tridgell | 1 | -0/+7
thanks to Metze for spotting this
2009-09-11 | s4-repl: on every ldb modify we need to update replPropertyMetaData | Andrew Tridgell | 1 | -8/+171
Every time we change a ldb object with the repl_meta_data module loaded we need to update the replPropertyMetaData attribute to fix the timestamps and USNs of the attributes being changed.
2009-09-11 | s4-repl: don't add the RDN if it is already there | Andrew Tridgell | 1 | -3/+19
2009-09-11 | s4-drs: add the magic DRS SPNs on AddEntry | Andrew Tridgell | 1 | -23/+2
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the server's machine account.
2009-09-10 | s4/repl: give a useful error message if we can't decode an object | Andrew Tridgell | 1 | -1/+4
2009-09-10 | s4/schema: teach the schema_syntax code how to encode/decode more attributes | Andrew Tridgell | 1 | -0/+104
We were trying to encode strings like 'top' as integers, without first looking them up in our schema. We need special handling for all the attributes that contain attributeID_id or governsID_id fields that should be translated first before encoding.
2009-09-10 | s4/schema: don't crash if we don't have subClassOf | Andrew Tridgell | 1 | -2/+7
2009-09-09 | s4/repl: implement DsReplicaSync | Andrew Tridgell | 2 | -0/+42
This patch implements DsReplicaSync by passing the call via irpc to the repl server task. The repl server then triggers an immediate replication of the specified partition. This means we no longer need to set a small value for dreplsrv:periodic_interval to force frequent DRS replication. We can now wait for the DC to send us a ReplicaSync msg for any partition that changes, and we immediately sync that partition.
2009-09-09 | s4/repl: added refresh of repsTo | Andrew Tridgell | 1 | -1/+87
I've found that w2k3 deletes the repsTo records we carefully created in the vampire join if we don't refresh them frequently. After about 30mins all 3 repsTo records are gone. This patch adds automatic refresh of the repsTo by calling DSReplicaUpdateRefs every time we do a sync cycle with the server
2009-09-08 | s4:repl_meta_data: remove unused code | Stefan Metzmacher | 1 | -11/+0
metze
2009-09-08 | s4:drsuapi: add an incomplete DsAddEntry implementation | Stefan Metzmacher | 1 | -8/+157
metze
2009-09-07 | s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret") | Matthias Dieter Wallnöfer | 1 | -104/+0
2009-09-07 | s4:dsdb: correctly implement _dsdb_syntax_OID_oid_ldb_to_drsuapi() | Stefan Metzmacher | 1 | -1/+31
Here we just need to map the oid string in the ldb value to the ATTRTYP id. metze
2009-09-07 | s4:simple_ldap_map - "primaryGroupId" | Matthias Dieter Wallnöfer | 1 | -4/+15
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
2009-09-07 | s4:samldb - Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-09-07 | s4:subtree delete module - Cosmetic adaptions | Matthias Dieter Wallnöfer | 1 | -11/+16
2009-09-07 | s4:samldb - Major rework | Matthias Dieter Wallnöfer | 1 | -243/+1000
This fixes up the change of the primary group of a user when using the ADUC console:
- When the "primaryGroupId" attribute changes, we have to delete the "member"/"memberOf" attribute reference of the new primary group and add one for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a user account.
- We cannot add a secondary reference ("member" attribute) when the group has been chosen as primary one.
This also removes the LDB templates which are basically overhead now. This should also fix bug #6599.
2009-09-06 | s4:simple_ldap_map - Enhance it for supporting "primaryGroupID" in the right way | Matthias Dieter Wallnöfer | 1 | -14/+25
2009-09-06 | s4:"linked attributes" modules - correct the comments | Matthias Dieter Wallnöfer | 1 | -2/+2
2009-09-06 | s4:dsdb/common/util.c - Copy parameters to prevent segfaults | Matthias Dieter Wallnöfer | 1 | -3/+8
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
2009-09-06 | s4:dsdb/common/util - Indentation fixes | Matthias Dieter Wallnöfer | 1 | -4/+5
2009-09-04 | s4: fixed a missing NULL termination in an attribute list passed to ldb_search | Andrew Tridgell | 1 | -1/+1
2009-09-03 | Fix the dsdb_syntax_OID_ldb_to_drsuapi function | Anatoliy Atanasov | 1 | -1/+51
This replaces the dsdb_syntax_FOOBAR_ldb_to_drsuapi function, which was left as a TODO code. Implementation in both added functions is completely identical and probably should differ in the future.
2009-09-03 | another large change to the linked_attribute module | Andrew Tridgell | 1 | -20/+64
This one copes with deleted objects where linked attributes have been set on the module. We hit this when we do the ldb wipe at the start of a provision, which triggers linked attribute updates, but for objects that have disappeared. We need to ensure that the linked attribute updates only happen on the right object, and if the object gets re-created (as happens with a provision) then it is not the right object. To cope with this we record the GUID of the object when the operation that triggered the linked attribute update comes in, and then find the DN by using that GUID when we apply the change in the prepare commit hook.