error_count += self.check_deleted_objects_containers()
+ self.attribute_or_class_ids = set()
+
for object in res:
self.dn_set.add(str(object.dn))
error_count += self.check_object(object.dn, attrs=attrs)
self.err_doubled_userParameters(obj, attrname, obj[attrname])
continue
+ if attrname.lower() == 'attributeid' or attrname.lower() == 'governsid':
+ if obj[attrname][0] in self.attribute_or_class_ids:
+ error_count += 1
+ self.report('Error: %s %s on %s already exists as an attributeId or governsId'
+ % (attrname, obj.dn, obj[attrname][0]))
+ else:
+ self.attribute_or_class_ids.add(obj[attrname][0])
+
# check for empty attributes
for val in obj[attrname]:
if val == '':
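Review bot: The arguments to the new report() call are in the wrong order for its format string: `'Error: %s %s on %s already exists ...' % (attrname, obj.dn, obj[attrname][0])` prints the DN where the OID belongs and the OID where the DN belongs. Swapping the last two gives a message an administrator can act on: `% (attrname, obj[attrname][0], obj.dn))`. Separately, `self.attribute_or_class_ids` is only shown being created in the earlier hunk, next to the loop that calls check_object(), so a direct call to check_object() with these attributes would raise AttributeError unless the constructor, which is not visible here, also initialises it. The enclosing method starts and ends outside the hunk.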
import urllib
import string
import tempfile
+import samba.dsdb
import ldb
})
# The LDIF here was created when the Schema object was constructed
+ ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID
logger.info("Setting up sam.ldb schema")
- samdb.add_ldif(schema.schema_dn_add, controls=["relax:0"])
- samdb.modify_ldif(schema.schema_dn_modify)
+ samdb.add_ldif(schema.schema_dn_add,
+ controls=["relax:0", ignore_checks_oid])
+ samdb.modify_ldif(schema.schema_dn_modify,
+ controls=[ignore_checks_oid])
samdb.write_prefixes_from_schema()
- samdb.add_ldif(schema.schema_data, controls=["relax:0"])
+ samdb.add_ldif(schema.schema_data, controls=["relax:0", ignore_checks_oid])
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
- {"SCHEMADN": names.schemadn})
+ {"SCHEMADN": names.schemadn},
+ controls=["relax:0", ignore_checks_oid])
# Now register this container in the root of the forest
msg = ldb.Message(ldb.Dn(samdb, names.domaindn))
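Review bot: The new `ignore_checks_oid` assignment sits directly under the existing comment about the LDIF, so nothing explains why duplicate checking is switched off for the schema load. A comment such as `# samldb's per-add attributeId/governsId duplicate search is skipped here; dbcheck verifies uniqueness once the schema is loaded` would tie it to the later check_database() call in this file. The control is also passed to `samdb.modify_ldif(schema.schema_dn_modify, ...)`, while the samldb.c hunks on this page only show it consulted around the governsId/attributeId checks. If the modify path never looks at it, dropping it there keeps the bypass as narrow as possible. The enclosing function starts and ends outside the hunk.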
'ipsecISAKMPReference',
'ipsecNegotiationPolicyReference',
'ipsecNFAReference'])
+ if chk.check_database(DN=names.schemadn, scope=ldb.SCOPE_SUBTREE,
+ attrs=['attributeId', 'governsId']) != 0:
+ raise ProvisioningError("Duplicate attributeId or governsId in schema. Must be fixed manually!!")
except:
samdb.transaction_cancel()
raise
ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);
ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);
ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
+ ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);
ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
"objectclass", "classSchema") != NULL) {
ac->type = SAMLDB_TYPE_CLASS;
- ret = samldb_schema_governsid_valid_check(ac);
- if (ret != LDB_SUCCESS) {
- return ret;
+ /* If in provision, these checks are too slow to do */
+ if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
+ ret = samldb_schema_governsid_valid_check(ac);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
ret = samldb_schema_ldapdisplayname_valid_check(ac);
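Review bot: The new guard around samldb_schema_governsid_valid_check() skips the uniqueness check for any request carrying DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID, but nothing in the hunk confirms the request is a local, trusted one, even though the comment says "If in provision". The same applies to the attributeSchema branch in the next hunk. If the LDAP front end does not already strip this OID from client requests (not visible here), a remote schema writer could bypass the duplicate-OID check. Making the condition `if (ldb_req_is_untrusted(req) || !ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {` would keep the check for anything arriving over the wire. The enclosing function starts and ends outside the hunk.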
"objectclass", "attributeSchema") != NULL) {
ac->type = SAMLDB_TYPE_ATTRIBUTE;
- ret = samldb_schema_attributeid_valid_check(ac);
- if (ret != LDB_SUCCESS) {
- return ret;
+ /* If in provision, these checks are too slow to do */
+ if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
+ ret = samldb_schema_attributeid_valid_check(ac);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
ret = samldb_schema_ldapdisplayname_valid_check(ac);
uint32_t new_flags; /* the new flags stored */
};
+/*
+ * Ignores strict checking when adding objects to samldb.
+ * This is used when provisioning, as checking all objects when added
+ * was slow due to an unindexed search.
+ */
+#define DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID "1.3.6.1.4.1.7165.4.3.28"
+
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
struct dsdb_extended_replicated_object {
struct ldb_message *msg;
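Review bot: The comment added above DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID says it "ignores strict checking when adding objects", which is broader than what the samldb.c hunks on this page gate: only the governsId and attributeId duplicate checks. I would reword it to name those two checks. It should also say that a caller setting the control must verify uniqueness afterwards, as provision does with its dbcheck pass, and that the control is intended for internal callers only. That gives the next person who reuses the OID the constraints it carries.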
#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID 1.3.6.1.4.1.7165.4.3.25
#Allocated: DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.26
#Allocated: DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID 1.3.6.1.4.1.7165.4.3.27
+#Allocated: DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID 1.3.6.1.4.1.7165.4.3.28
# Extended 1.3.6.1.4.1.7165.4.4.x
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1