How to process schemaUpdateNow ldap request - Samba

This is a discussion on How to process schemaUpdateNow ldap request - Samba ; Hi List, I am trying to make schema cache in dsdb_schema to reload with newly added mappings from ldb. This is done by the following ldap request which is valid command for Win2003 dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: How to process schemaUpdateNow ldap request

  1. How to process schemaUpdateNow ldap request

    Hi List,

    I am trying to make schema cache in dsdb_schema to reload with newly added mappings from ldb.
    This is done by the following ldap request which is valid command for Win2003

    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1

    I want to process this in rootdse module .modify function, but it's never called and the return message says:

    > ldap_modify_ext: Invalid DN syntax (34)
    > additional info: Invalid DN (1 components needed for 'dn')


    I located the error message in "source\ldap_server\ldap_backend.c" - VALID_DN_SYNTAX macro, but I couldn't find the ldap_modify_ext function.
    I tried to break on all the functions where the macro is used but the gdb couldn't find them.

    Any suggestions how to handle this issue?


    Regards,
    Anatoliy


  2. Re: How to process schemaUpdateNow ldap request

    On Tue, 2008-07-01 at 16:54 +1000, Andrew Bartlett wrote:
    > On Mon, 2008-06-30 at 17:41 +0200, Michael Ströder wrote:
    > > Anatoliy Atanasov wrote:
    > > >
    > > > I am trying to make schema cache in dsdb_schema to reload with newly added mappings from ldb.
    > > > This is done by the following ldap request which is valid command for Win2003
    > > >
    > > > dn:
    > > > changetype: modify
    > > > add: schemaUpdateNow
    > > > schemaUpdateNow: 1
    > > >
    > > > I want to process this in rootdse module .modify function, but it's never called and the return message says:
    > > >
    > > >> ldap_modify_ext: Invalid DN syntax (34)
    > > >> additional info: Invalid DN (1 components needed for 'dn')

    > >
    > > FWIW your DN line in your e-mail above is "dn:". Maybe try it with
    > > "dn: " instead. The space is part of the separator between attribute
    > > type and attribute value.
    > >
    > > See declaration of dn-spec and FILL in RFC 2849.

    >
    > nah, this error occours well past the ldif parsing layer - it's actually
    > a problem on the server.
    >
    > If you look at ldap_server/ldap_backend.c, the macro VALID_DN_SYNTAX
    > takes two argument, the first being the DN, and the second is the number
    > of components it must have. Set that to 0 and you should be right.
    >
    > I don't see why this layer should be trying to determine if a DN is
    > valid (ldb can do that very well itself). This looks like Simo's code,
    > according to 'git blame', so I'll flip-pass this question to him...


    I think we added it before ldb was able to validate, then kept it for
    performance reasons, it make no sense to process the entry if it is
    going to be rejected.
    However a null DN should not be refuse I guess, feel free to patch the
    code to let that DN be considered valid (as it is).

    Simo.

    --
    Simo Sorce
    Samba Team GPL Compliance Officer
    Senior Software Engineer at Red Hat Inc.


+ Reply to Thread