*/
static int replmd_update_rpmd(struct ldb_module *module,
const struct dsdb_schema *schema,
+ struct ldb_request *req,
struct ldb_message *msg, uint64_t *seq_num,
time_t t,
bool *is_urgent)
return LDB_ERR_OPERATIONS_ERROR;
}
+ /*we have elements that will be modified*/
+ if (msg->num_elements > 0) {
+ /*if we are RODC and this is a DRSR update then its ok*/
+ if (samdb_rodc(ldb) && !ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
+ return LDB_ERR_REFERRAL;
+ }
+ }
+
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *old_el;
old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
time_t t = time(NULL);
int ret;
bool is_urgent = false;
+ struct loadparm_context *lp_ctx;
+ struct ldb_reply *ares;
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.mod.message->dn)) {
}
ldb = ldb_module_get_ctx(module);
+ lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+ struct loadparm_context);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
ldb_msg_remove_attr(msg, "whenChanged");
ldb_msg_remove_attr(msg, "uSNChanged");
- ret = replmd_update_rpmd(module, ac->schema, msg, &ac->seq_num, t, &is_urgent);
+ ret = replmd_update_rpmd(module, ac->schema, req, msg, &ac->seq_num, t, &is_urgent);
+ if (ret == LDB_ERR_REFERRAL) {
+ talloc_free(ac);
+ ares = talloc_zero(req, struct ldb_reply);
+ if ( ares == NULL ){
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ares->type = LDB_REPLY_REFERRAL;
+ ares->referral = talloc_asprintf(ares,
+ "ldap://%s/%s",
+ lp_dnsdomain(lp_ctx),
+ ldb_dn_get_linearized(msg->dn));
+ ares->error = ret;
+
+ return ldb_module_done(req, ares->controls, ares->response, ares->error);
+ }
+
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
git.samba.org / anatoliy / anatoliy.git / commitdiff