From 4257235cc826440bc6c0488d4962eadd70ccb6fd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 27 Aug 2014 15:13:30 +0200
Subject: [PATCH] samba-tool/ldapcmp: update the list of non replicated attributes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10788
Signed-off-by: Stefan Metzmacher
---
 python/samba/netcmd/ldapcmp.py | 62 +++++++++++++++++++++++++++++++++---------
 1 file changed, 49 insertions(+), 13 deletions(-)
diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py
index 89c175b..96b94f2 100644
--- a/python/samba/netcmd/ldapcmp.py
+++ b/python/samba/netcmd/ldapcmp.py
@@ -394,19 +394,54 @@ class LDAPObject(object): for x in self.con.server_names: self.dn = self.dn.replace("CN=${SERVER_NAME}", "CN=%s" % x) self.attributes = self.con.get_attributes(self.dn) - # Attributes that are considered always to be different e.g based on timestamp etc. - # # One domain - two domain controllers - self.ignore_attributes = [ - # Default Naming Context - "lastLogon", "lastLogoff", "badPwdCount", "logonCount", "badPasswordTime", "modifiedCount", - "operatingSystemVersion","oEMInformation", - "ridNextRID", "rIDPreviousAllocationPool", - # Configuration Naming Context - "repsFrom", "dSCorePropagationData", "msExchServer1HighestUSN", - "replUpToDateVector", "repsTo", "whenChanged", "uSNChanged", "uSNCreated", - # Schema Naming Context - "prefixMap"] + # + # Some attributes are defined as FLAG_ATTR_NOT_REPLICATED + # + # The following list was generated by + # egrep '^systemFlags: |^ldapDisplayName: |^linkID: ' \ + # source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt | \ + # grep -B1 FLAG_ATTR_NOT_REPLICATED | \ + # grep ldapDisplayName | \ + # cut -d ' ' -f2 + self.non_replicated_attributes = [ + "badPasswordTime", + "badPwdCount", + "dSCorePropagationData", + "lastLogoff", + "lastLogon", + "logonCount", + "modifiedCount", + "msDS-Cached-Membership", + "msDS-Cached-Membership-Time-Stamp", + "msDS-EnabledFeatureBL", + "msDS-ExecuteScriptPassword", + "msDS-NcType", + "msDS-ReplicationEpoch", + "msDS-RetiredReplNCSignatures", + "msDS-USNLastSyncSuccess", + # "distinguishedName", # This is implicitly replicated + # "objectGUID", # This is implicitly replicated + "partialAttributeDeletionList", + "partialAttributeSet", + "pekList", + "prefixMap", + "replPropertyMetaData", + "replUpToDateVector", + "repsFrom", + "repsTo", + "rIDNextRID", + "rIDPreviousAllocationPool", + "schemaUpdate", + "serverState", + "subRefs", + "uSNChanged", + "uSNCreated", + "uSNLastObjRem", + # "whenChanged", # This is implicitly replicated + ] + self.ignore_attributes = 
self.non_replicated_attributes + self.ignore_attributes += ["msExchServer1HighestUSN"] if filter_list: self.ignore_attributes += filter_list @@ -419,11 +454,12 @@ class LDAPObject(object): if self.two_domains: self.ignore_attributes += [ - "objectCategory", "objectGUID", "objectSid", "whenCreated", "pwdLastSet", "uSNCreated", "creationTime", + "objectCategory", "objectGUID", "objectSid", "whenCreated", "whenChanged", "pwdLastSet", "uSNCreated", "creationTime", "modifiedCount", "priorSetTime", "rIDManagerReference", "gPLink", "ipsecNFAReference", "fRSPrimaryMember", "fSMORoleOwner", "masteredBy", "ipsecOwnersReference", "wellKnownObjects", "badPwdCount", "ipsecISAKMPReference", "ipsecFilterReference", "msDs-masteredBy", "lastSetTime", "ipsecNegotiationPolicyReference", "subRefs", "gPCFileSysPath", "accountExpires", "invocationId", + "operatingSystemVersion", "oEMInformation", # After Exchange preps "targetAddress", "msExchMailboxGuid", "siteFolderGUID"] # -- 1.9.1
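Review bot: `self.ignore_attributes = self.non_replicated_attributes` binds both names to the same list object, so the `+=` on the following line, the `filter_list` extension after it and, judging by the second hunk, the two-domain additions all extend `self.non_replicated_attributes` in place as well. Once the method has run, that attribute no longer holds only the schema-derived FLAG_ATTR_NOT_REPLICATED set, which would mislead any code or reader that later uses it on its own to decide which differences between domain controllers are expected. Take a copy instead: `self.ignore_attributes = list(self.non_replicated_attributes)`. The enclosing method starts and ends outside the hunk, so whether anything else reads `non_replicated_attributes` cannot be confirmed from here.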
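Review bot: Four entries in the two-domain list, `"uSNCreated"`, `"modifiedCount"`, `"badPwdCount"` and `"subRefs"`, are now also in the non-replicated list that `ignore_attributes` starts from, so they are redundant here and could be dropped. The entries `"whenChanged"`, `"operatingSystemVersion"` and `"oEMInformation"` move from the always-ignored list to this one, so a comparison of two controllers in one domain presumably now reports differences in them. A short comment above those entries would make that intent explicit, for example `# replicated inside a domain, so only ignored when comparing two domains`. The enclosing method begins outside the hunk.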