Re: How to process schemaUpdateNow ldap request - Samba

This is a discussion on Re: How to process schemaUpdateNow ldap request - Samba ; I did the patch for the dn, and no problem with that now -------------------------------------------------------- diff --git a/source/ldap_server/ldap_backend.c b/source/ldap_server/ldap_backend.c index 9047773..2193c98 100644 --- a/source/ldap_server/ldap_backend.c +++ b/source/ldap_server/ldap_backend.c @@ -348,7 +348,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: How to process schemaUpdateNow ldap request

  1. Re: How to process schemaUpdateNow ldap request

    I did the patch for the dn, and no problem with that now
    --------------------------------------------------------
    diff --git a/source/ldap_server/ldap_backend.c b/source/ldap_server/ldap_backend.c
    index 9047773..2193c98 100644
    --- a/source/ldap_server/ldap_backend.c
    +++ b/source/ldap_server/ldap_backend.c
    @@ -348,7 +348,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
    NT_STATUS_HAVE_NO_MEMORY(local_ctx);

    dn = ldb_dn_new(local_ctx, samdb, req->dn);
    - VALID_DN_SYNTAX(dn, 1);
    + VALID_DN_SYNTAX(dn, 0);

    DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn));
    ---------------------------------------------------------
    There is another error now:
    "additional info: attribute schemaUpdateNow is not a valid attribute in schema"
    That happens in dsdb\samdb\ldb_modules\objectclass.c: fix_attributes function


    ----- Original Message -----
    > From: simo
    > To: Andrew Bartlett
    > Cc: Michael Ströder , Anatoliy Atanasov , samba-technical@lists.samba.org
    > Sent: Tuesday, July 1, 2008 3:45:57 PM GMT+0200 Europe;Athens
    > Subject: Re: How to process schemaUpdateNow ldap request


    > > On Tue, 2008-07-01 at 16:54 +1000, Andrew Bartlett wrote:
    > > On Mon, 2008-06-30 at 17:41 +0200, Michael Ströder wrote:
    > > > Anatoliy Atanasov wrote:
    > > > >
    > > > > I am trying to make schema cache in dsdb_schema to reload with

    > newly added mappings from ldb.
    > > > > This is done by the following ldap request which is valid

    > command for Win2003
    > > > >
    > > > > dn:
    > > > > changetype: modify
    > > > > add: schemaUpdateNow
    > > > > schemaUpdateNow: 1
    > > > >
    > > > > I want to process this in rootdse module .modify function, but

    > it's never called and the return message says:
    > > > >
    > > > >> ldap_modify_ext: Invalid DN syntax (34)
    > > > >> additional info: Invalid DN (1 components needed for

    > 'dn')
    > > >
    > > > FWIW your DN line in your e-mail above is "dn:". Maybe try it with
    > > > "dn: " instead. The space is part of the separator between

    > attribute
    > > > type and attribute value.
    > > >
    > > > See declaration of dn-spec and FILL in RFC 2849.

    > >
    > > nah, this error occours well past the ldif parsing layer - it's

    > actually
    > > a problem on the server.
    > >
    > > If you look at ldap_server/ldap_backend.c, the macro VALID_DN_SYNTAX
    > > takes two argument, the first being the DN, and the second is the

    > number
    > > of components it must have. Set that to 0 and you should be right.
    > >
    > > I don't see why this layer should be trying to determine if a DN is
    > > valid (ldb can do that very well itself). This looks like Simo's

    > code,
    > > according to 'git blame', so I'll flip-pass this question to him...

    >
    > I think we added it before ldb was able to validate, then kept it for
    > performance reasons, it make no sense to process the entry if it is
    > going to be rejected.
    > However a null DN should not be refuse I guess, feel free to patch the
    > code to let that DN be considered valid (as it is).
    >
    > Simo.
    >
    > --
    > Simo Sorce
    > Samba Team GPL Compliance Officer
    > Senior Software Engineer at Red Hat Inc.



  2. Re: How to process schemaUpdateNow ldap request

    Anatoliy Atanasov schrieb:
    > I did the patch for the dn, and no problem with that now
    > --------------------------------------------------------
    > diff --git a/source/ldap_server/ldap_backend.c b/source/ldap_server/ldap_backend.c
    > index 9047773..2193c98 100644
    > --- a/source/ldap_server/ldap_backend.c
    > +++ b/source/ldap_server/ldap_backend.c
    > @@ -348,7 +348,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
    > NT_STATUS_HAVE_NO_MEMORY(local_ctx);
    >
    > dn = ldb_dn_new(local_ctx, samdb, req->dn);
    > - VALID_DN_SYNTAX(dn, 1);
    > + VALID_DN_SYNTAX(dn, 0);
    >
    > DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn));
    > ---------------------------------------------------------
    > There is another error now:
    > "additional info: attribute schemaUpdateNow is not a valid attribute in schema"
    > That happens in dsdb\samdb\ldb_modules\objectclass.c: fix_attributes function


    you need to catch this in the rootdse module and pass down a special
    extented operation request down to the schema_fsmo module, so that the
    checks are bypassed.

    metze


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.7 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIazsWm70gjA5TCD8RAmBmAJ9JKbq0USOGFqTScccTMI kqgscgKwCfV1Ut
    WjJtZZc4gOI8B17D9cVk4/M=
    =I3va
    -----END PGP SIGNATURE-----


+ Reply to Thread