s4:dsdb Don't reload the schema against OpenLDAP backend

The schema should be considered read-only when we are using the OL
backend, as we can't update the backend schema in real time anyway.

Andrew Bartlett

diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 82f5ec39d41539debd66d99e93781423b5426814..cdfc8d71839a6efce8770cef4901e0ef673ec6f7 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -260,6 +260,10 @@ static int samba_dsdb_init(struct ldb_module *module)
                        backend_modules = openldap_backend_modules;
                        extended_dn_module = extended_dn_module_openldap;
                }
+               ret = ldb_set_opaque(ldb, "readOnlySchema", (void*)1);
+               if (ret != LDB_SUCCESS) {
+                       ldb_set_errstring(ldb, "Failed to set readOnlySchema opaque");
+               }
        }
 
 #define CHECK_MODULE_LIST \

diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index 15420181bad5a948168804b5fc6867ce9b9db5de..28c02099d34482cb8fc798eb512c3dbe22467b89 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -225,9 +225,15 @@ static int dsdb_schema_from_db(struct ldb_module *module, struct ldb_dn *schema_
        }
 
        (*schema)->refresh_in_progress = true;
-       (*schema)->refresh_fn = dsdb_schema_refresh;
-       (*schema)->loaded_from_module = module;
-       (*schema)->loaded_usn = current_usn;
+
+       /* If we have the readOnlySchema opaque, then don't check for
+        * runtime schema updates, as they are not permitted (we would
+        * have to update the backend server schema too */
+       if (!ldb_get_opaque(ldb, "readOnlySchema")) {
+               (*schema)->refresh_fn = dsdb_schema_refresh;
+               (*schema)->loaded_from_module = module;
+               (*schema)->loaded_usn = current_usn;
+       }
 
        /* "dsdb_set_schema()" steals schema into the ldb_context */
        ret = dsdb_set_schema(ldb, (*schema));