From d471e52d23bf89e472c34c58dd9f113e669323a4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 13 Dec 2006 11:19:51 +0000 Subject: r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
---
 source4/ldap_server/ldap_server.c | 45 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)
 (limited to 'source4/ldap_server/ldap_server.c')
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 82fc1d9660..c459c27961 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -40,7 +40,7 @@
 #include "lib/ldb/include/ldb_errors.h"
 #include "system/network.h"
 #include "lib/socket/netif.h"
-
+#include "dsdb/samdb/samdb.h"
 /* close the socket and shutdown a server_context */
@@ -245,8 +245,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
 }
 ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+ talloc_steal(tmp_ctx, res);
- if (ret != LDB_SUCCESS || res->count != 1) {
+
+ if (res->count != 1) {
 goto failed;
 }
@@ -262,8 +267,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
 }
 ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+ talloc_steal(tmp_ctx, res);
- if (ret != LDB_SUCCESS || res->count != 1) {
+
+ if (res->count != 1) {
 goto failed;
 }
@@ -431,6 +441,11 @@ static NTSTATUS add_socket(struct event_context *event_context,
 {
 uint16_t port = 389;
 NTSTATUS status;
+ const char *attrs[] = { "options", NULL };
+ int ret;
+ struct ldb_result *res;
+ struct ldb_context *ldb;
+ int options;
 status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service);
@@ -450,8 +465,28 @@ static NTSTATUS add_socket(struct event_context *event_context,
 }
 }
- /* if we are a PDC, then also enable the global catalog server port, 3268 */
- if (lp_server_role() == ROLE_DOMAIN_PDC) {
+ /* Load LDAP database */
+ ldb = samdb_connect(ldap_service, system_session(ldap_service));
+ if (!ldb) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ /* Query cn=ntds settings,.... */
+ ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, &res);
+ if (ret) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ if (res->count != 1) {
+ talloc_free(res);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ options = ldb_msg_find_attr_as_int(res->msgs[0], "options", 0);
+ talloc_free(res);
+ talloc_free(ldb);
+
+ /* if options attribute is 1, then enable the global catlog */
+ if (options == 1) {
 port = 3268;
 status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service);
-- cgit
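Review bot: `if (options == 1)` in add_socket compares the NTDS Settings `options` attribute as a whole value, but that attribute is a bit field whose low bit is the global-catalog flag, so a DC with any other option bit set alongside it will silently not open port 3268; test the bit instead, `if (options & 1) {` (preferably via a named constant for the IS_GC bit), and reword the comment to "if the IS_GC bit of the options attribute is set, enable the global catalog". The two early returns after samdb_connect succeeds, `if (ret)` and `if (res->count != 1)`, appear to leave `ldb` allocated on ldap_service while the success path frees it; adding `talloc_free(ldb);` before each return keeps the three paths consistent (if samdb_connect hands back a shared context, it is the success-path free that needs revisiting instead). The `if (ret)` branch also drops the ldb error text, so a failure to read the settings object is hard to diagnose; logging `ldb_errstring(ldb)` before returning would help. add_socket's body continues outside the hunk.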