From b2d831f23d5a5513b4d4c767dbfe5de555afae30 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Wed, 13 Dec 2017 15:27:20 +1300 Subject: [PATCH] domain.py: Force schema upgrade to be used only on the schema master While this may be enforced at lower levels, it would be better to warn earlier rather than later. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett --- python/samba/netcmd/domain.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 6702bc3bcf0..9db2304c1d5 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -58,6 +58,7 @@ from samba.netcmd import ( SuperCommand, Option ) +from samba.netcmd.fsmo import get_fsmo_roleowner from samba.netcmd.common import netcmd_get_domain_infos_via_cldap from samba.samba3 import Samba3 from samba.samba3 import param as s3param @@ -4081,6 +4082,12 @@ class cmd_domain_schema_upgrade(Command): print("Temporarily overriding 'dsdb:schema update allowed' setting") updates_allowed_overriden = True + own_dn = ldb.Dn(samdb, samdb.get_dsServiceName()) + master = get_fsmo_roleowner(samdb, str(samdb.get_schema_basedn()), + 'schema') + if own_dn != master: + raise CommandError("This server is not the schema master.") + # if specific LDIF files were specified, just apply them if ldf_files: schema_updates = ldf_files.split(",") -- 2.34.1