| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
it exists
|
|
Depending on which NC is being replicated, GetNCChanges() returns
either ATTID based on local prefixMap or msDs-IntId value of
the attributeSchema class for the attribute being replicated.
If set, msDs-IntId value is always returned when replicating
object form NC other than Schema NC.
Objects in Schema NC replica always use prefixMap based ATTIDs.
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Windows gives them in chunks, but I don't know the correct
rule to calculate the chunk size.
For now I'll use 1500 as the max size.
Windows isn't happy when it gets ~ 100000 linked attributes in one
response. It corrupts its directory index and later moves some objects
to the LostAndFound folder.
metze
|
|
|
|
|
|
this is an alternative way of establishing repsTo
|
|
This includes deleted partitions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This checks whether a replication client is a RODC by inclusion of the
the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Non-administrator replication checks the invocationId matches
the sid of the user token being used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is a RODC filtered and the recipient
is a RODC, then such attribute is not sent.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
|
|
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
|
|
The replPropertyMetaData may contain attrid values that we don't yet
have in the local schema. We need to deal with this - it is a serious
error, but we should not segfault.
Andrew Bartlett
|
|
No need to have "signed" counters at those places.
|
|
|
|
|
|
|
|
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
|
|
in getncchanges and repl task we don't need the extra load and sort
any more.
|
|
|
|
|
|
for extended operations comparing to the ncRoot_dn is not correct
|
|
|
|
|
|
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
|
|
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
|
|
|
|
|
|
It is nice to see when a RID Alloc is successful
|
|
This allocates a RID pool for the client DC when we are the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows for more flags in the future
|
|
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
|
|
This makes the code considerably more readable
|
|
|
|
This ensures that a link is not seen before the object it points to
|
|
We were sending zero GUIDs. Not good!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
|
|
We should overwrite an existing entry if found
|
|
Added two debugging parametric options
drs:max object sync =
drs:extra filter =
|
|
We need to send non-upgraded links using the old format
|
|
|
|
- Reorder them as specified in "operational.c"
- Add also the lan manager hash password attribute
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Now that parentGUID is reliable again, use it instead
of building our own
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
When windows abandons a DRS sync, it will sometimes re-use the same bind handle for
a new sync. This means we need to check the DN of the sync and blank the getnc_state
if the DN has changed.
This also fixes the UDV to use the highest uSN for the partition, not for
the whole SAM.
|
