The branch, master has been updated via 768475d s4:dsdb Fix attribute being searched for in dereference against Fedora DS via 68c61df s4:dsdb Make the dereference control critical if input is critical via 379d073 s4:dsdb Don't reload the schema against OpenLDAP backend via 896553a s4:provision Allow OpenLDAP backend to provision again via 9aae504 s4:provision Improved error handling in provisionbackend from 97246f7 s4-test-dssync: Print the reason for skipping FetchNT4Data test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 768475d5716faaf3e730404d44d68f7a3250d861 Author: Andrew Bartlett <abart...@samba.org> Date: Sun Jul 11 23:11:09 2010 +1000 s4:dsdb Fix attribute being searched for in dereference against Fedora DS The problem here is that these attributes are not mapped in the simple_ldap_map, and they were changed a while back. Andrew Bartlett commit 68c61dfa3fa925c63247bef83f10dfa2efa458e6 Author: Andrew Bartlett <abart...@samba.org> Date: Sun Jul 11 23:08:46 2010 +1000 s4:dsdb Make the dereference control critical if input is critical This helps us ensure that the backend knows about and respects the dereference control if our caller has asked that the extended DN control be considered critical. Andrew Bartlett commit 379d073444f7acafb6e5761dd667073ad7371771 Author: Andrew Bartlett <abart...@samba.org> Date: Sun Jul 11 23:07:06 2010 +1000 s4:dsdb Don't reload the schema against OpenLDAP backend The schema should be considered read-only when we are using the OL backend, as we can't update the backend schema in real time anyway. Andrew Bartlett commit 896553a1a85f541f72ab6b45e71d89d00e727791 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Jul 8 11:44:13 2010 +1000 s4:provision Allow OpenLDAP backend to provision again OpenLDAP does not have any post-setup requirements at the moment. Andrew Bartlett commit 9aae50443df5471b91e4d829c0ca0285adeb71bb Author: Zahari Zahariev <zahari.zahar...@postpath.com> Date: Sat Jul 3 21:43:42 2010 +0300 s4:provision Improved error handling in provisionbackend When using OpenLDAP as a backend with Samba4 we get failure during provision and this patch will help better determining the real error. Signed-off-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 6 ++++-- source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 4 ++++ source4/dsdb/samdb/ldb_modules/schema_load.c | 12 +++++++++--- source4/scripting/python/samba/provisionbackend.py | 7 +++++-- 4 files changed, 22 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c index ba4054a..07c0bff 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c @@ -549,6 +549,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request const char * const *const_attrs; struct ldb_context *ldb = ldb_module_get_ctx(module); int ret; + bool critical; struct extended_dn_out_private *p = talloc_get_type(ldb_module_get_private(module), struct extended_dn_out_private); @@ -646,6 +647,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request /* mark extended DN and storage format controls as done */ if (control) { + critical = control->critical; control->critical = 0; } @@ -659,7 +661,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request if (control && p && p->dereference && p->dereference_control) { ret = ldb_request_add_control(down_req, DSDB_OPENLDAP_DEREFERENCE_CONTROL, - false, p->dereference_control); + critical, p->dereference_control); if (ret != LDB_SUCCESS) { return ret; } @@ -824,7 +826,7 @@ static int extended_dn_out_fds_init(struct ldb_module *module) { static const char *attrs[] = { "nsUniqueId", - "objectSID", + "sambaSID", NULL }; diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c index 82f5ec3..cdfc8d7 100644 --- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c +++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c @@ -260,6 +260,10 @@ static int samba_dsdb_init(struct ldb_module *module) backend_modules = openldap_backend_modules; extended_dn_module = extended_dn_module_openldap; } + ret = ldb_set_opaque(ldb, "readOnlySchema", (void*)1); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ldb, "Failed to set readOnlySchema opaque"); + } } #define CHECK_MODULE_LIST \ diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c index 1542018..28c0209 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_load.c +++ b/source4/dsdb/samdb/ldb_modules/schema_load.c @@ -225,9 +225,15 @@ static int dsdb_schema_from_db(struct ldb_module *module, struct ldb_dn *schema_ } (*schema)->refresh_in_progress = true; - (*schema)->refresh_fn = dsdb_schema_refresh; - (*schema)->loaded_from_module = module; - (*schema)->loaded_usn = current_usn; + + /* If we have the readOnlySchema opaque, then don't check for + * runtime schema updates, as they are not permitted (we would + * have to update the backend server schema too */ + if (!ldb_get_opaque(ldb, "readOnlySchema")) { + (*schema)->refresh_fn = dsdb_schema_refresh; + (*schema)->loaded_from_module = module; + (*schema)->loaded_usn = current_usn; + } /* "dsdb_set_schema()" steals schema into the ldb_context */ ret = dsdb_set_schema(ldb, (*schema)); diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py index ccb793f..7a36bdc 100644 --- a/source4/scripting/python/samba/provisionbackend.py +++ b/source4/scripting/python/samba/provisionbackend.py @@ -273,6 +273,8 @@ class LDAPBackend(ProvisionBackend): # and now wait for it to die self.slapd.communicate() + def post_setup(self): + pass class OpenLDAPBackend(LDAPBackend): @@ -538,11 +540,12 @@ class OpenLDAPBackend(LDAPBackend): if not os.path.isdir(self.olcdir): os.makedirs(self.olcdir, 0770) - retcode = subprocess.call([self.slapd_path, "-Ttest", "-n", "0", - "-f", self.slapdconf, "-F", self.olcdir], close_fds=True, + slapd_cmd = [self.slapd_path, "-Ttest", "-n", "0", "-f", self.slapdconf, "-F", self.olcdir] + retcode = subprocess.call(slapd_cmd, close_fds=True, shell=False) if retcode != 0: + self.logger.error("conversion from slapd.conf to cn=config failed slapd started with: %s" % "\'" + "\' \'".join(slapd_cmd) + "\'") raise ProvisioningError("conversion from slapd.conf to cn=config failed") if not os.path.exists(os.path.join(self.olcdir, "cn=config.ldif")): -- Samba Shared Repository