On Sun, 2003-03-23 at 06:15, [EMAIL PROTECTED] wrote: > > Date: Sat Mar 22 19:15:50 2003 > Author: vlendec > > Update of /data/cvs/samba/source/passdb > In directory dp.samba.org:/tmp/cvs-serv4745 > > Modified Files: > pdb_ldap.c > Log Message: > This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFY > anymore, but instead look at what is currently stored in the > database. Then we explicitly delete the existing attribute and add the > new value if it is not NULL or "". This way we can handle appearing > and disappearing attributes quite nicely. > > This currently breaks pdbedit -o, as this does not set the CHANGED > flag on the SAM_ACCOUNT.
The way I handled this last time was to have the test being 'if add, then treat DEFAULT as CHANGED', but within pdb_ldap. (ie, on the same line we have the current test) The idea of getting some transaction security is very nice - I was thinking we could reduce the traffic on the LDAP server, and assist this as so: - When we read a user from LDAP, store the LDAP result and DN into a void* 'private' pointer on the SAM_ACCOUNT. Also write a tag so we know it is 'ours'. - When we go to update that record, we use this rather than a freshly found record. - This also saves an LDAP round trip. - Your changes should ensure that if there is a 'lost update' (ie, of any of the fields we have changed change under us) that we can return this to the user. - We should note that NT4 doesn't do this - they allow lost updates, but I would like to better MS on this one, until somebody shows me this breaks something. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
