Bug 12008 - RODCs are not read-only
Summary: RODCs are not read-only
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.4.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-04 04:20 UTC by Bob Campbell
Modified: 2017-04-18 22:25 UTC

Description Bob Campbell 2016-07-04 04:20:59 UTC
RODCs can add and delete objects from their local LDB without restriction. This is because the only relevant RODC check is only done to modifications. A side-effect of this is that the KCC creates local links from an RODC to other DCs.
Comment 1 Garming Sam 2017-04-18 22:25:09 UTC
Fixed in commit b3ba0c85ffe08c39b9144b644b6aabca4ca17dfe

Adds and deletes now cause referrals to be sent.